Fix critical Veeam Backup and Replication 9.5, 10, and 11 vulnerabilities

Posted on Christian By Christian No Comments on Fix critical Veeam Backup and Replication 9.5, 10, and 11 vulnerabilities
Veeam Backup and Replication

There are currently two critical Common Vulnerabilities and Exposures (CVEs) that affect Veeam Backup & Replication and account for two of the three critical Veeam Backup & Replication CVEs and the most serious of the products affected as at the time of writing this piece. The Critical Veeam Backup & Replication vulnerability notes include CVE-2022-26500 | CVE-2022-26501. Kindly refer to these related guides: Veeam Certified Architect: A review of the VMCA Training & Certification, Standalone Veeam ONE installation: How to set up Veeam ONE 11 Server, how to uninstall Veeam Backup and Replication from your server, and Azure Backup and Recovery: How to setup Veeam Backup for Microsoft Azure [Part 1]

These two CVEs (CVE-2022-26500, CVE–2022-26501) allow executing malicious code remotely without authentication. This may lead to gaining control over the target system. This carries a CVSS rating of 9.8 and its severity classified as Critical. Here is a fix for Veeam Agent vulnerability for Microsoft Windows.

Cause

Moreover, The vulnerability originates from Veeam Distribution Service on TCP 9380. Apply the essential Veeam Backup and Replication Vulnerability Fix for robust security. Furthermore, This allows unauthenticated users to access internal Veeam API functions. An attacker may send input to the Veeam API, allowing the uploading and executing of malicious code.

Worth noting: All new deployments of Veeam Backup & Replication versions 11 and 10 installed using the ISO images dated 20220302 or later are not vulnerable.

How can I temporarily resolve this issue?

Nonetheless, Per Veeam’s guidance, the current workaround involves implementing the Veeam Backup and Replication Vulnerability Fix. However, It is advised to halt and deactivate the Veeam Distribution Service to address the issue. The Veeam Distribution Service is installed on the Veeam Backup & Replication server and servers specified as distribution servers in Protection Groups.

vulnerabilities
critical fixes

Consider this temporary solution if you lack a maintenance window to patch the VBR Server.

Solution

Notably, for ensuring system security, patches are now accessible for Veeam 11a and 10a versions. However, The crucial Veeam Backup and Replication Vulnerability Fix need installation on the server. Managed servers using Veeam Distribution Service will receive automated updates post-patch installation.

Note: If you’re utilizing Veeam Backup and Replication 9.5, performing a Veeam Backup and Replication Vulnerability Fix is crucial by upgrading to a supported product version.

Rate this post
Backup Tags:, , ,

Related Posts

More Related Articles

veeam backup for Proxmox VE Backup and Restore Proxmox VE virtual machines with Veeam Backup
snapshot replication How to create Synology Snapshot Replication Backup
Fix Failed to Connect a Hyper V Standalone to Veeam Backup Invalid Credentials “Fix Failed to Connect a Hyper-V Standalone to Veeam Backup” Backup
How To Backup Your WordPress Database banner How to Backup and Restore your WordPress Files and Database Backup
Screenshot 2021 04 03 at 18.30.29 Setup Windows server backup and create backup jobs with Bare metal backup Backup
veeamcmce 2 A review of the VMCE training and certification Backup

Leave a Reply