We would like to bring your attention to the following unauthenticated remote code execution vulnerability within Veeam Backup & Replication. This issue is being tracked as CVE-2022-26500 & CVE-2022-26501 and has been given the CVSS v3 score of 9.8.
At this time we are unaware of any proof of concept attacks or exploits for this issue being available in the wild, we will continue to monitor the situation around this.
Am I Effected?
Versions of Veeam prior to the following versions are known to be vulnerable (including the unsupported version 9.5):
-
11a (build 11.0.1.1261 P20220302)
-
10a (build 10.0.1.4854 P20220304)
Remediation
Apply the patches provided by Veeam to your Veeam Backup and Replication Server:
References
-
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26500
-
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26501

Prime Day Scams – How Attackers Exploit Trust and Urgency
Every Prime Day, fake delivery texts flood inboxes, exploiting shoppers’ urgency and trust. We explain how these scams work and what both consumers and security teams…

Why So Syscalls? BOF Edition
Ibai Castells explains how moving from high level Windows APIs to lower level syscall usage alters what EDRs observe. It outlines the trade offs and gives…

Airport Chaos Shows How Fragile Our Infrastructure Really Is
Recent airport chaos revealed how fragile global infrastructure really is. A basic ransomware attack disrupted shared systems, grounding flights worldwide. The lesson is clear: outdated technology…