We would like to bring your attention to the following unauthenticated remote code execution vulnerability within Veeam Backup & Replication. This issue is being tracked as CVE-2022-26500 & CVE-2022-26501 and has been given the CVSS v3 score of 9.8.
At this time we are unaware of any proof of concept attacks or exploits for this issue being available in the wild, we will continue to monitor the situation around this.
Am I Effected?
Versions of Veeam prior to the following versions are known to be vulnerable (including the unsupported version 9.5):
-
11a (build 11.0.1.1261 P20220302)
-
10a (build 10.0.1.4854 P20220304)
Remediation
Apply the patches provided by Veeam to your Veeam Backup and Replication Server:
References
-
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26500
-
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26501
Cybersecurity Glossary
Read this comprehensive list we’ve compiled to assist experts, C-level executives, and those embarking on a cybersecurity career in navigating the extensive array of terms in…
An In-Depth Guide to Remote Desktop Protocol (RDP)
The continually changing nature of today’s workplace has made remote access technology essential.
Mitigating Credential Stuffing Attacks with IP Rotation: Strategies and Considerations
This article covers effective strategies to fight credential-stuffing attacks using IP rotation. By Ibai Castells
CovertSwarm at DEF CON 32: Insights from the Swarm
This time last week, our Swarm was taking over Las Vegas at DEF CON 32 – one of the biggest and oldest hacker conventions in the…