CVE-2015-5742 - Veeam Backup & Replication Critical Vulnerability

On October 7, 2015, Pasquale Fiorillo’s technical blog published a security advisory regarding a critical vulnerability (CVE-2015-5742) in the Veeam Backup & Replication software, potentially involving over 157,000 customers and 9.1 million virtual machines worldwide. Among the authors of the discovery are Francesco Ongaro, known as “ascii”, and Antonio “s4tan” Parata, both affiliated with ISGroup and the USH team. The vulnerability, classified as 0day at the time of publication, allowed privilege escalation up to complete domain control. Ongaro’s technical contribution was explicitly recognized in the announcement, confirming his advanced research activity in the field of information security.