Executive Risk Summary
"A vulnerability in Veeam Recovery Orchestrator allows a low-privileged user to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service. This could potentially lead to unauthorized access to sensitive data and systems."
Anticipated Attack Path
- 1. Initial Access: Low-privileged user gains access to Veeam Recovery Orchestrator
- 2. Privilege Escalation: User accesses NTLM hash of service account
- 3. Lateral Movement: Potential unauthorized access to sensitive data and systems
Am I Vulnerable?
- Verify user roles and access controls in Veeam Recovery Orchestrator
- Monitor for suspicious activity related to the Veeam Orchestrator Server Service
- Apply patch or workaround as recommended by Veeam
Operational Audit Arsenal
Target Type Windows Service
Target Asset VeeamOrchestratorServerService
Standard Path Windows Services
Manual Verification Required
This is a non-Windows asset (Veeam). Use the target asset details and official path provided above to verify your current version against the official vendor advisories listed below.
Patch Impact Forecast
Reboot Required Likely
Potential disruption to Veeam Recovery Orchestrator services
Internal Work Notes
Veeam Recovery Orchestrator vulnerability (CVE-2024-22022) - low-privileged user access to NTLM hash of service account
Technical Intelligence & Operational Utilities • Delivered Weekly
Intelligence Sources
Related Veeam Threats
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.