The most alarming of these flaws could allow authenticated users to execute remote code with root-level privileges, effectively handing over complete control of the backup infrastructure to an attacker.
This is kinda overblown. The exploit requires an “authenticated” user that does not already have an admin privilage. Seems to me like that is a very small population of possible examples.
The stupid Veeam software doesn’t even like to launch unless you run it as admin, so I wonder how many people have even built setups for non system-admin users to be able to do things with it.
my veeam is on a vlan that can’t even access the internet and isn’t connected to the domain, so anyone that can log into Windows on it is gonna have elevated privilages.
This is kinda overblown. The exploit requires an “authenticated” user that does not already have an admin privilage. Seems to me like that is a very small population of possible examples.
The stupid Veeam software doesn’t even like to launch unless you run it as admin, so I wonder how many people have even built setups for non system-admin users to be able to do things with it.
my veeam is on a vlan that can’t even access the internet and isn’t connected to the domain, so anyone that can log into Windows on it is gonna have elevated privilages.