Cybersecurity News

Veeam fixes critical RCEs in backup solution (CVE-2022-26500, CVE-2022-26501)

Veeam Software has patched two critical vulnerabilities affecting its popular Veeam Backup & Replication solution, which could be exploited by unauthenticated attackers to remotely execute malicious code.

Veeam Backup & Replication is an enteprise data protection solution that allows admins to create image-level backups of virtual, physical, cloud machines and restore from them.

According to the company’s latest shared information, more than 450,000 users have downloaded Veeam Backup & Replication v11 since its launch in Q1 2021.

Veeam simply noted that “The Veeam Distribution Service allows unauthenticated users to access internal API functions. A remote attacker may send input to the internal API which may lead to uploading and executing of malicious code.”

Veeam Backup & Replication v9.5, 10 and 11 are affected, and patches have been provided for the latter two.

“The vulnerable process Veeam.Backup.PSManager.exe allows authentication using non-administrative domain credentials. A remote attacker may use the vulnerable component to execute arbitrary code,” the company shared, but added that the default Veeam Backup & Replication installation is not vulnerable to this issue.

Stay on Top of Cyber Threats!
Subscribe to our monthly bulletin to stay updated on major cybersecurity risks.

Recent Cybersecurity News

Tell us about your needs.
Get an answer the same business day.

Tell us about your needs.
Get an answer the same business day.

Got an urgent request? Call us at 1-877-805-7475 or Book a meeting.

What happens next:

  • We reach out to learn about your objectives
  • We work together to define your project's scope
  • You get an all-inclusive, no engagement proposal

No engagement. We answer within 24h.
Scroll to Top

BOOK A MEETING WITH AN EXPERT

Enter Your Corporate Email