Fix critical Veeam Backup and Replication 9.5, 10, and 11 vulnerabilities

Posted on IT Expert By IT Expert No Comments on Fix critical Veeam Backup and Replication 9.5, 10, and 11 vulnerabilities
Veeam Backup and Replication

There are currently two critical Common Vulnerabilities and Exposures (CVEs) that affect Veeam Backup & Replication and account for two of the three critical Veeam Backup & Replication CVEs and the most serious of the products affected as at the time of writing this piece. The Critical Veeam Backup & Replication vulnerability notes include CVE-2022-26500 | CVE-2022-26501. Kindly refer to these related guides: Veeam Certified Architect: A review of the VMCA Training & Certification, Standalone Veeam ONE installation: How to set up Veeam ONE 11 Server, how to uninstall Veeam Backup and Replication from your server, and Azure Backup and Recovery: How to setup Veeam Backup for Microsoft Azure [Part 1]

These two CVEs (CVE-2022-26500, CVE–2022-26501) allow executing malicious code remotely without authentication. This may lead to gaining control over the target system. This carries a CVSS rating of 9.8 and its severity classified as Critical. Here is a fix for Veeam Agent vulnerability for Microsoft Windows.

Cause

Moreover, The vulnerability originates from Veeam Distribution Service on TCP 9380. Apply the essential Veeam Backup and Replication Vulnerability Fix for robust security. Furthermore, This allows unauthenticated users to access internal Veeam API functions. An attacker may send input to the Veeam API, allowing the uploading and executing of malicious code.

Worth noting: All new deployments of Veeam Backup & Replication versions 11 and 10 installed using the ISO images dated 20220302 or later are not vulnerable.

How can I temporarily resolve this issue?

Nonetheless, Per Veeam’s guidance, the current workaround involves implementing the Veeam Backup and Replication Vulnerability Fix. However, It is advised to halt and deactivate the Veeam Distribution Service to address the issue. The Veeam Distribution Service is installed on the Veeam Backup & Replication server and servers specified as distribution servers in Protection Groups.

vulnerabilities
critical fixes

Consider this temporary solution if you lack a maintenance window to patch the VBR Server.

Solution

Notably, for ensuring system security, patches are now accessible for Veeam 11a and 10a versions. However, The crucial Veeam Backup and Replication Vulnerability Fix need installation on the server. Managed servers using Veeam Distribution Service will receive automated updates post-patch installation.

Note: If you’re utilizing Veeam Backup and Replication 9.5, performing a Veeam Backup and Replication Vulnerability Fix is crucial by upgrading to a supported product version.

Rate this post
Backup Tags:, , ,

Related Posts

More Related Articles

S3 Bucket Replication Set up Cross-Region Replication for S3 Buckets AWS/Azure/OpenShift
SOBR implementing 3 2 1 Rule Achieve 3-2-1 rule with SOBR on Synology or OOTBI and Wasabi Backup
Time machine How to Backup MacOS to Synology NAS via Time Machine Backup
veeaamAgent1 Veeam Agent Vulnerability: Fix Veeam Agent vulnerability for Microsoft Windows  Backup
Fix invalid backup repostory and delete not needed repo via Veeam Backup Repository Fix missing path and delete a Veeam Backup Repository Backup
banner2 How to Integrate Postman With GitHub Automation

Leave a Reply