Fix critical Veeam Backup and Replication 9.5, 10, and 11 vulnerabilities

Posted on Christian By Christian No Comments on Fix critical Veeam Backup and Replication 9.5, 10, and 11 vulnerabilities
Veeam Backup and Replication

There are currently two critical Common Vulnerabilities and Exposures (CVEs) that affect Veeam Backup & Replication and account for two of the three critical Veeam Backup & Replication CVEs and the most serious of the products affected as at the time of writing this piece. The Critical Veeam Backup & Replication vulnerability notes include CVE-2022-26500 | CVE-2022-26501. Kindly refer to these related guides: Veeam Certified Architect: A review of the VMCA Training & Certification, Standalone Veeam ONE installation: How to set up Veeam ONE 11 Server, how to uninstall Veeam Backup and Replication from your server, and Azure Backup and Recovery: How to setup Veeam Backup for Microsoft Azure [Part 1]

These two CVEs (CVE-2022-26500, CVE–2022-26501) allow executing malicious code remotely without authentication. This may lead to gaining control over the target system. This carries a CVSS rating of 9.8 and its severity classified as Critical. Here is a fix for Veeam Agent vulnerability for Microsoft Windows.

Cause

Moreover, The vulnerability originates from Veeam Distribution Service on TCP 9380. Apply the essential Veeam Backup and Replication Vulnerability Fix for robust security. Furthermore, This allows unauthenticated users to access internal Veeam API functions. An attacker may send input to the Veeam API, allowing the uploading and executing of malicious code.

Worth noting: All new deployments of Veeam Backup & Replication versions 11 and 10 installed using the ISO images dated 20220302 or later are not vulnerable.

How can I temporarily resolve this issue?

Nonetheless, Per Veeam’s guidance, the current workaround involves implementing the Veeam Backup and Replication Vulnerability Fix. However, It is advised to halt and deactivate the Veeam Distribution Service to address the issue. The Veeam Distribution Service is installed on the Veeam Backup & Replication server and servers specified as distribution servers in Protection Groups.

vulnerabilities
critical fixes

Consider this temporary solution if you lack a maintenance window to patch the VBR Server.

Solution

Notably, for ensuring system security, patches are now accessible for Veeam 11a and 10a versions. However, The crucial Veeam Backup and Replication Vulnerability Fix need installation on the server. Managed servers using Veeam Distribution Service will receive automated updates post-patch installation.

Note: If you’re utilizing Veeam Backup and Replication 9.5, performing a Veeam Backup and Replication Vulnerability Fix is crucial by upgrading to a supported product version.

Rate this post
Backup Tags:, , ,

Related Posts

More Related Articles

Object First OOTBI Appliance Configuration How to Configure Object First OOTBI Appliance Backup
S3 Bucket Replication Set up Cross-Region Replication for S3 Buckets AWS/Azure/OpenShift
Upgrade for Veeam ONE How to upgrade Veeam ONE to v12.1 Backup
onedrived43 How to share Files and Restore Previous versions of Files in Microsoft OneDrive Backup
Upgrade veeam Backup and replication How to upgrade Veeam Backup and Replication 12.3 Backup
veeam Fix Failed to connect to Veeam Backup and Replication Server Backup

Leave a Reply