Veeam Backup and Replication ExecuteUploadManagerPerformUpload Remote Code Execution Exploit

This module exploits an authentication bypass in Veeam.Backup.ServiceLib.CForeignInvokerNegotiateAuthenticator.Authenticate. It then uses a file upload present in ExecuteUploadManagerPerformUpload to copy the Web.config file to the web application root folder, extracts the machineKey values from it, and uses them to create a ysoserial.NET payload that executes commands. The deployed agent will run with the privileges of the "IIS Worker Process" process (NT AUTHORITY\NETWORK SERVICE).