Veeam fixes critical RCEs in backup solution (CVE-2022-26500, CVE-2022-26501)

Veeam Software has patched two critical vulnerabilities affecting its popular Veeam Backup & Replication solution, which could be exploited by unauthenticated attackers to remotely execute malicious code.

Veeam Backup & Replication is an enteprise data protection solution that allows admins to create image-level backups of virtual, physical, cloud machines and restore from them.

According to the company’s latest shared information, more than 450,000 users have downloaded Veeam Backup & Replication v11 since its launch in Q1 2021.

Veeam simply noted that “The Veeam Distribution Service allows unauthenticated users to access internal API functions. A remote attacker may send input to the internal API which may lead to uploading and executing of malicious code.”

Veeam Backup & Replication v9.5, 10 and 11 are affected, and patches have been provided for the latter two.

“The vulnerable process Veeam.Backup.PSManager.exe allows authentication using non-administrative domain credentials. A remote attacker may use the vulnerable component to execute arbitrary code,” the company shared, but added that the default Veeam Backup & Replication installation is not vulnerable to this issue.

Share this article on social media:

Subscribe to Our Newsletter!

Stay on top of cybersecurity risks, evolving threats and industry news.

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

Tell us about your needs.
Get an answer the same business day.

Tell us about your needs.
Get an answer the same business day.

Fill out the form below and get an answer from our experts within 1 business day.
Got an urgent request? Call us at 1-877-805-7475 or Book a meeting.
PCI-DSS

What happens next:

  • We reach out to learn about your objectives
  • We work together to define your project's scope
  • You get an all-inclusive, no engagement proposal

Scroll to Top

BOOK A MEETING

Enter Your
Corporate Email

BOOK A MEETING WITH AN EXPERT

Enter Your Corporate Email

Restez Informés!

Abonnez-vous pour rester au fait des dernières tendances, menaces, nouvelles et statistiques dans l’industrie.