
Veeam Agent for Microsoft Windows is a data protection and disaster recovery solution for physical and virtual machines. It can be used to protect different types of computers and devices: desktops, laptops, and tablets. If you run Veeam Backup & Replication server version 9.5, 10 or 11, click on this link to find the fix for the reported CVE-2022-26500 and CVE-2022-26501 vulnerabilities. Kindly refer to these related guides: Veeam Certified Architect: A review of the VMCA Training & Certification, Standalone Veeam ONE installation: How to set up Veeam ONE 11 Server, how to uninstall Veeam Backup and Replication from your server, and Azure Backup and Recovery: How to setup Veeam Backup for Microsoft Azure [Part 1].
A vulnerability (CVE-2022-26503) in Veeam Agent for Microsoft Windows allows local privilege escalation. An attacker who successfully exploited this vulnerability could run arbitrary code with LOCAL SYSTEM privileges. It is currently rated High severity with a CVSS v3 score of 7.8. For a detailed list of all Veeam guides, please visit the following link.
Cause
Veeam Agent for Microsoft Windows uses Microsoft .NET data serialization mechanisms. A local user can send crafted serialized data to the network port opened by the Veeam Agent for Windows service (TCP 9395 by default), and that data is not deserialized safely.
Note: Unlike the Veeam Backup & Replication critical vulnerability, there is no workaround for this Veeam Agent vulnerability. You will need to find a maintenance window in which to upgrade Veeam Agent on all affected clients in order to remediate the vulnerability.
Solution
This vulnerability is fixed in the following Veeam Agent for Microsoft Windows patched releases:
- 5 (build 5.0.3.4708)
- 4 (build 4.0.2.2208)
Take note of the following guidance from Veeam on remediating your Veeam Agents:
- For the standalone version of Veeam Agent for Microsoft Windows (not managed by Veeam Backup & Replication), the patched release will need to be installed manually on each Veeam Agent machine.
- If your Veeam Agents are managed by Veeam Backup & Replication, you can upgrade them from the Veeam Backup & Replication console after installing the cumulative Veeam Backup & Replication patches. Ideally, install the remediated version of VBR that fixes the new critical vulnerabilities and then upgrade your Veeam Agents from there. The Agents can also be upgraded automatically if the "auto-update backup agent" setting is enabled.
- If you are using a version of Veeam Agent for Microsoft Windows prior to 4, please upgrade to a supported version.
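To find standalone Agents that still need the patch, the following PowerShell check is an added example (not a Veeam tool) that reads the installed version from the standard Windows Uninstall registry keys and compares it with the fixed builds listed above; it assumes the Agent registers with a DisplayName beginning "Veeam Agent for Microsoft Windows", and the TCP 9395 listener check is informational only.

```powershell
# Added example, not Veeam's own tooling: report whether the locally installed
# Veeam Agent for Microsoft Windows is at or above the builds that fix CVE-2022-26503.
# Assumption: the Agent appears under the standard Uninstall keys with a DisplayName
# starting "Veeam Agent for Microsoft Windows" (the name pattern is assumed here).

# Minimum fixed build per major version, taken from the advisory above.
$FixedBuilds = @{
    4 = [version]'4.0.2.2208'
    5 = [version]'5.0.3.4708'
}

function Test-VeeamAgentPatched {
    param([Parameter(Mandatory)][version]$Installed)

    $fixed = $FixedBuilds[$Installed.Major]
    if ($null -eq $fixed) {
        # Versions before 4 have no patched build; anything newer than 5 postdates the fix.
        return ($Installed.Major -gt 5)
    }
    return ($Installed -ge $fixed)
}

function Get-VeeamAgentStatus {
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $agent = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Veeam Agent for Microsoft Windows*' } |
        Select-Object -First 1

    if (-not $agent) {
        return [pscustomobject]@{ Installed = $false; Version = $null; Patched = $null; PortListening = $null }
    }

    # The affected service listens on TCP 9395 by default. A listener alone does not prove
    # the host is vulnerable; it only shows where an unpatched build would be reachable.
    $listening = [bool](Get-NetTCPConnection -LocalPort 9395 -State Listen -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        Installed     = $true
        Version       = $agent.DisplayVersion
        Patched       = Test-VeeamAgentPatched -Installed ([version]$agent.DisplayVersion)
        PortListening = $listening
    }
}

Get-VeeamAgentStatus | Format-List
```

Run it with administrative rights on each standalone Agent host (for example through your existing remote PowerShell or endpoint management tooling) and schedule upgrades for any host reporting Patched = False.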
I hope you found this blog post helpful. If you have any questions, please let me know in the comment section.