Vulnerabilities > CVE-2020-15518 - Missing Authorization vulnerability in Veeam products

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

veeam

CWE-862

NVD

Published: 2020-07-03

Updated: 2021-07-21

Summary

VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & Replication before 10 has no device object DACL, which allows unprivileged users to achieve total control over filesystem I/O requests.

Vulnerable Configurations

Part	Description	Count
Application	Veeam Veeam Veeam Availability Suite * Veeam Veeam Backup & Replication 5.0.2.230 Veeam Veeam Backup & Replication 8.0.0.2030 Veeam Veeam Backup & Replication 9.5.0.1536 Veeam Veeam Backup & Replication 9.5.4.2615	5

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://zwclose.github.io/veeamon