This module uses a .NET deserialization vulnerability to deploy an agent in Veeam Backup and Replication that will run with the NT AUTHORITY\SYSTEM user privileges. The module will trigger the vulnerability by crafting a Veeam.Backup.EsxManager.xmlFrameworkDs .NET class type object and sending it to the /VeeamAuthService .NET remoting endpoint using an external .NET executable. The deserialization of the crafted object will execute system commands to deploy the agent.
CVE Link
Exploit Platform
Exploit Type
Product Name