Vulnerabilities > CVE-2020-10914 - Deserialization of Untrusted Data vulnerability in Veeam ONE 9.5.4.4587
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PerformHandshake method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-10400.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Metasploit
| description | This module exploits a .NET deserialization vulnerability in the Veeam ONE Agent before the hotfix versions 9.5.5.4587 and 10.0.1.750 in the 9 and 10 release lines. Specifically, the module targets the HandshakeResult() method used by the Agent. By inducing a failure in the handshake, the Agent will deserialize untrusted data. Tested against the pre-patched release of 10.0.0.750. Note that Veeam continues to distribute this version but with the patch pre-applied. |
| id | MSF:EXPLOIT/WINDOWS/MISC/VEEAM_ONE_AGENT_DESERIALIZATION |
| last seen | 2020-06-14 |
| modified | 2020-05-01 |
| published | 2020-04-24 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/misc/veeam_one_agent_deserialization.rb |
| title | Veeam ONE Agent .NET Deserialization |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/157529/veeam_one_agent_deserialization.rb.txt |
| id | PACKETSTORM:157529 |
| last seen | 2020-05-09 |
| published | 2020-05-04 |
| reporter | wvu |
| source | https://packetstormsecurity.com/files/157529/Veeam-ONE-Agent-.NET-Deserialization.html |
| title | Veeam ONE Agent .NET Deserialization |