Veeam Backup & Replication Platform Migration Guide (Windows to Linux)

Article Applicability This article is related to a new capability to migrate the configuration of a Windows-based Veeam Backup & Replication deployment to a Veeam Software Appliance. Due to the variability in how Veeam Backup & Replication can be used, configured, and deployed, and the complexity...

VMware vCenter Server Virtual SAN Health Check Remote Code Execution Exploit

This Metasploit module exploits Java unsafe reflection and SSRF in the VMware vCenter Server Virtual SAN Health Check plugin's ProxygenController class to execute code as the vsphere-ui user. See the vendor advisory for affected and patched versions. Tested against VMware vCenter Server 6.7 Updat...

VMware vCenter Server Unauthenticated OVA File Upload RCE

This module exploits an unauthenticated OVA file upload and path traversal in VMware vCenter Server to write a JSP payload to a web-accessible directory. Fixed versions are 6.5 Update 3n, 6.7 Update 3l, and 7.0 Update 1c. Note that later vulnerable versions of the Linux appliance aren't exploitab...

VMware vCenter Server File Upload / Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated OVA file upload and path traversal in VMware vCenter Server to write a JSP payload to a web-accessible directory. Fixed versions are 6.5 Update 3n, 6.7 Update 3l, and 7.0 Update 1c. Note that later vulnerable versions of the Linux appliance aren'...

VMware vCenter Server File Upload / Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware vCenter Server Unauthenticated OVA File Upload RCE', 'Description' = %q This module exploits an unauthenticated OVA file upload and path...

ExaGrid Arbitrary Command Execution Vulnerability

ExaGrid is a Linux-based backup and recovery storage appliance from ExaGrid, Inc. that provides deduplication capabilities. A security vulnerability exists in ExaGrid, which can be exploited by an attacker to take full control of the device and execute arbitrary commands with root privileges...

How to log in to the Linux Helper Appliance

Purpose This article documents how to login to the Linux appliance used by Veeam Backup & Replication. This is not a common need, but may be neccesary for troubleshooting or advanced configuration. Linux appliances are used by Veeam Backup & Replication for several purposes: In Surebackup, the...