Black Arrow Cyber Advisory 19/12/2022 – Veeam Vulnerabilities Under Active Exploitation
Executive Summary
The US Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities that impact Veeam Backup and Replication to its ‘Known Exploited Vulnerabilities Catalog’, due to evidence that the vulnerabilities are being actively exploited in the wild.
The two now-patched vulnerabilities (CVE-2022-26500 and CVE-2022-26501) were published 12th March 2022 by Veeam and allow an attacker to remotely execute malicious code without authentication. The impacted versions of Veeam Backup and Replication were 9.5, 10 and 11.
What’s the risk to me or my business?
If organisations are still using a version of Veeam Backup and Replication with these vulnerabilities, there is the potential that an attacker could gain control over a system, impacting the confidentiality, integrity and availability of an organisation’s data.
What can I do?
Organisations using Veeam should contact their MSP to ensure that they have either installed the patches as per Veeam guidance or are using a newly deployed version of 10a or 11a that used installation files dated post 2nd March 2022.
Temporary mitigation would involve stopping and disabling the Veeam Distribution Service.
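The temporary mitigation above, written as a PowerShell script for the Veeam server. This is an added example, not taken from Veeam or CISA guidance; it assumes the service's display name is exactly "Veeam Distribution Service" as written in this advisory.

```powershell
# Added example: stop and disable the service named in the advisory, then
# report the resulting state. Run from an elevated PowerShell session.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: display name matches the wording used in this advisory.
    [string]$DisplayName = 'Veeam Distribution Service'
)

$services = Get-Service -DisplayName $DisplayName -ErrorAction SilentlyContinue
if (-not $services) {
    Write-Output "No service with display name '$DisplayName' on $env:COMPUTERNAME; nothing to do."
    return
}

foreach ($svc in $services) {
    # Stop the service if it is in any state other than Stopped.
    if ($svc.Status -ne 'Stopped') {
        if ($PSCmdlet.ShouldProcess($svc.Name, 'Stop service')) {
            Stop-Service -InputObject $svc -Force -ErrorAction Stop
        }
    }

    # Disable it so it does not come back after a reboot or manual start.
    if ($PSCmdlet.ShouldProcess($svc.Name, 'Set startup type to Disabled')) {
        Set-Service -Name $svc.Name -StartupType Disabled -ErrorAction Stop
    }

    # Re-read the service from WMI to confirm the state that is now in effect.
    $after = Get-CimInstance -ClassName Win32_Service -Filter "Name='$($svc.Name)'"
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Service   = $after.Name
        State     = $after.State      # expected: Stopped
        StartMode = $after.StartMode  # expected: Disabled
    }
}
```

Run it with `-WhatIf` first to see which service would be changed without touching it.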
Further information on these vulnerabilities can be found here: https://www.veeam.com/kb4288
The CISA ‘Known Exploited Vulnerabilities Catalog’ can be found here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog