Filesystem I/O Control Vulnerability in Veeam Availability Suite and Backup & Replication
CVE-2020-15518

8.8HIGH

Key Information:

Vendor: Veeam
Status: Veeam Availability Suite; Veeam Backup \& Replication
Vendor: CVE Published:; 3 July 2020

What is CVE-2020-15518?

VeeamFSR.sys in Veeam Availability Suite and Veeam Backup & Replication prior to version 10 is susceptible to an improper access control vulnerability. The lack of a device object DACL allows unprivileged users to manipulate filesystem I/O requests, which can lead to unauthorized access and potential exploitation of system resources. This weakness highlights the importance of stringent access controls in preventing unauthorized operations within critical backup and recovery solutions.

References

https://zwclose.github.io/veeamon

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 3, 2020
Vulnerability Reserved
Jul 3, 2020