Critical RCE Vulnerabilities Discovered in Veeam Backup & Replication

Veeam, a backup and cloud solutions provider, announced that it had fixed two critical vulnerabilities that allow remote code execution (RCE). CVE-2022-26500 and CVE-2022-26501 with CVSS scores of 9.8 are located on Veeam Distribution Services.

How Critical Are They?

Attackers can perform RCE by exploiting the vulnerability

CVE-2022-26500 and CVE-2022-26501 are both high-critical RCE vulnerabilities. They allow threat actors to gain control over the system without authentication.

Using TCP 9380 by default, Veeam Distribution Service allows sending inputs that could lead to unauthorized access to API functions and the loading of malicious code.

Companies back up all their sensitive data through services like Veeam. Therefore, such vulnerabilities are frequently exploited by ransomware gangs such as Conti, LockBit, and DarkSide.

What Can be Done?

Veeam has released a patch that fixes vulnerabilities for Backup & Replication versions 11a and 10a. Veeam states that these patches should be installed on the Veeam Backup & Replication server immediately.

Which Versions are Affected?

In its statement, Veeam emphasizes that new distributions of versions 11 and 10 installed using ISO images 20220302 or later are not vulnerable and that all users using other versions should update.

How to Detect RCE Vulnerabilities?

To detect critical vulnerabilities and establish a proactive understanding of cybersecurity in your environment, you must constantly monitor your digital assets and existing technologies. SOCRadar offers Vulnerability Intelligence as part of its Extended Threat Intelligence service.

You can easily access all current news about related products and technologies and follow the developments. In this way, you feed your cybersecurity team and have the privilege of early warning against potential threats.