We would like to bring your attention to the following unauthenticated remote code execution vulnerability within Veeam Backup & Replication. This issue is being tracked as CVE-2022-26500 & CVE-2022-26501 and has been given the CVSS v3 score of 9.8.
At this time we are unaware of any proof of concept attacks or exploits for this issue being available in the wild, we will continue to monitor the situation around this.
Am I Effected?
Versions of Veeam prior to the following versions are known to be vulnerable (including the unsupported version 9.5):
-
11a (build 11.0.1.1261 P20220302)
-
10a (build 10.0.1.4854 P20220304)
Remediation
Apply the patches provided by Veeam to your Veeam Backup and Replication Server:
References
-
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26500
-
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26501
![](https://www.covertswarm.com/wp-content/uploads/2024/06/2024-Academy-Intake-3-640x320.png)
Academy Launches Second Intake
CovertSwarm’s Academy is opening the 2024 intake. Apply and start your cybersecurity journey as an ethical hacker.
![DORA & NIS2 European Flag](https://www.covertswarm.com/wp-content/uploads/2024/05/DORA-and-NIS2-European-Flag-640x320.png)
Combining regulation with real-world security assurance: DORA and NIS2
Whether you’re a local financial startup or a multinational food distributor, understanding how DORA and NIS2 may affect your organization is vital. With implementation dates just…
![](https://www.covertswarm.com/wp-content/uploads/2024/05/Clutch-100-fastest-growth-640x320.png)
CovertSwarm named by Clutch among Top 100 Fastest-Growing Companies
Clutch has recognized us for achieving one of the highest revenue growth rates from 2022 to 2023.