We would like to bring your attention to the following unauthenticated remote code execution vulnerability within Veeam Backup & Replication. This issue is being tracked as CVE-2022-26500 & CVE-2022-26501 and has been given the CVSS v3 score of 9.8.
At this time we are unaware of any proof of concept attacks or exploits for this issue being available in the wild, we will continue to monitor the situation around this.
Am I Effected?
Versions of Veeam prior to the following versions are known to be vulnerable (including the unsupported version 9.5):
-
11a (build 11.0.1.1261 P20220302)
-
10a (build 10.0.1.4854 P20220304)
Remediation
Apply the patches provided by Veeam to your Veeam Backup and Replication Server:
References
-
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26500
-
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26501
Claude Jailbroken To Attack Mexican Government Agencies
A threat actor jailbroke Claude to orchestrate a month-long attack on Mexican government networks, stealing 150 GB of sensitive data. We analyze what really happened and…
Jayson E Street Joins CovertSwarm
The man who accidentally robbed the wrong bank in Beirut is now part of the Swarm. Jayson E Street joins as Swarm Fellow to help us…
iNTERCEPT – How A Small RF Experiment Turned Into A Community SIGINT Platform
I’ve always been fascinated by RF. There’s something about the fact that it’s invisible, the fact that you might be able to hear aircraft passing overhead…