Fix critical Veeam Backup and Replication 9.5, 10, and 11 vulnerabilities

Posted on Christian By Christian No Comments on Fix critical Veeam Backup and Replication 9.5, 10, and 11 vulnerabilities
Veeam Backup and Replication

There are currently two critical Common Vulnerabilities and Exposures (CVEs) that affect Veeam Backup & Replication and account for two of the three critical Veeam Backup & Replication CVEs and the most serious of the products affected as at the time of writing this piece. The Critical Veeam Backup & Replication vulnerability notes include CVE-2022-26500 | CVE-2022-26501. Kindly refer to these related guides: Veeam Certified Architect: A review of the VMCA Training & Certification, Standalone Veeam ONE installation: How to set up Veeam ONE 11 Server, how to uninstall Veeam Backup and Replication from your server, and Azure Backup and Recovery: How to setup Veeam Backup for Microsoft Azure [Part 1]

These two CVEs (CVE-2022-26500, CVE–2022-26501) allow executing malicious code remotely without authentication. This may lead to gaining control over the target system. This carries a CVSS rating of 9.8 and its severity classified as Critical. Here is a fix for Veeam Agent vulnerability for Microsoft Windows.

Cause

Moreover, The vulnerability originates from Veeam Distribution Service on TCP 9380. Apply the essential Veeam Backup and Replication Vulnerability Fix for robust security. Furthermore, This allows unauthenticated users to access internal Veeam API functions. An attacker may send input to the Veeam API, allowing the uploading and executing of malicious code.

Worth noting: All new deployments of Veeam Backup & Replication versions 11 and 10 installed using the ISO images dated 20220302 or later are not vulnerable.

How can I temporarily resolve this issue?

Nonetheless, Per Veeam’s guidance, the current workaround involves implementing the Veeam Backup and Replication Vulnerability Fix. However, It is advised to halt and deactivate the Veeam Distribution Service to address the issue. The Veeam Distribution Service is installed on the Veeam Backup & Replication server and servers specified as distribution servers in Protection Groups.

vulnerabilities
critical fixes

Consider this temporary solution if you lack a maintenance window to patch the VBR Server.

Solution

Notably, for ensuring system security, patches are now accessible for Veeam 11a and 10a versions. However, The crucial Veeam Backup and Replication Vulnerability Fix need installation on the server. Managed servers using Veeam Distribution Service will receive automated updates post-patch installation.

Note: If you’re utilizing Veeam Backup and Replication 9.5, performing a Veeam Backup and Replication Vulnerability Fix is crucial by upgrading to a supported product version.

Rate this post
Backup Tags:, , ,

Related Posts

More Related Articles

Protect OOTBI Best Storage for Veeam: Comparing OOTBI by ObjectFirst to VHR Backup
Veeam Virtual Appliance for Backup and Restore How to setup Veeam Software Appliance v13 Backup
Veeam backup and replication update How to update Veeam Backup and Replication [VBR] Backup
VBR console update Veeam Backup Console must be updated to the latest version Backup
VHR upgrade Upgrade legacy VHR to Veeam Infrastructure Hardened Repository Backup
v13 harding Veeam Hardening Your Infrastructure: A Guide to VMware VBS and MS GPO Credential Guard in VBR v13 Backup

Leave a Reply