Veeam Releases Security Updates to Address Vulnerabilities in Backup & Replication and Agent for Microsoft Windows

Exploitation of critical RCE vulnerabilities in Veeam Backup & Replication has been reported

Threat ID:: CC-4055
Threat Severity:: Medium
Published:: 15 March 2022 11:44 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Exploitation of critical RCE vulnerabilities in Veeam Backup & Replication has been reported

Affected platforms

The following platforms are known to be affected:

Versions: 11, 10, 9.5

Veeam Backup & Replication

Versions: 5.0, 4.0, 3.0.2, 2.2, 2.1, 2.0

Veeam Agent for Microsoft Windows

Threat details

Introduction

Veeam has released security updates that address four vulnerabilities that involve remote code execution (RCE) and local privilege escalation. Some of these vulnerabilities could allow a remote, unauthenticated attacker to take control of a system.

Exploitation of CVE-2022-26500, CVE-2022-26501, and CVE-2022-26504 in the wild

There are reports of exploitation of CVE-2022-26500, CVE-2022-26501, and CVE-2022-26504. Affected organisations are strongly encouraged to patch immediately.

Remediation advice

Affected organisations should review Veeam's knowledge base articles below and apply any relevant updates or workarounds.

Remediation steps

Type	Step
Patch	Release Information for Veeam Backup & Replication 11a Cumulative Patches https://www.veeam.com/kb4245
Patch	Release Information for Veeam Backup & Replication 10a Cumulative Patch P20220304 https://www.veeam.com/kb4291
Guidance	Veeam Backup & Replication 9.5 is no longer supported https://www.veeam.com/kb4288
Patch	Veeam Agent for Microsoft Windows \| 4.0 \| 5.0 https://www.veeam.com/kb4289
Guidance	Veeam Agent for Microsoft Windows \| 2.0 \| 2.1 \| 2.2 \| 3.0.2 \| is no longer supported https://www.veeam.com/kb4289

Definitive source of threat updates

CVE Vulnerabilities

Status Published

CVE-2022-26500

Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code.

Status Published

CVE-2022-26501

Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x, and 11.x allows attackers to execute arbitrary code remotely without authentication.

Status Published

CVE-2022-26503

Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges.

Status Published

CVE-2022-26504

Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers execute arbitrary code via Veeam.Backup.PSManager.exe

Last edited: 27 October 2022 11:21 am