Veeam Backup & Replication security updates - 20221216003

Overview

Veeam have released critical security updates for Veeam Backup & Replication products. The vulnerabilities addressed may allow malicious code to be executed remotely without authentication, which may lead to an attacker gaining control of the target system.

What is the threat?

The Veeam Distribution Service (TCP 9380 by default) allows unauthenticated users to access internal API functions. A remote attacker may send input to the internal API, which may lead to the upload and execution of malicious code.
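
Because the exposed service listens on a known default port, firewall logs can be reviewed for connections to it from unexpected sources. The following is an added example, not part of the advisory or vendor guidance; the log format, addresses and allowed subnet are constructed assumptions.

```python
import ipaddress
import re

VEEAM_DIST_PORT = 9380  # default Distribution Service port named in the advisory
# Assumption: only this management subnet should reach the service (constructed).
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.0.0/24")]

# Assumption: a simple key=value firewall log format, constructed for this example.
SAMPLE_LOG = """\
2022-12-16T01:02:03Z action=allow proto=tcp src=10.20.0.15 dst=10.20.0.5 dport=9380
2022-12-16T01:05:10Z action=allow proto=tcp src=10.30.4.77 dst=10.20.0.5 dport=9380
2022-12-16T01:06:44Z action=deny proto=tcp src=203.0.113.9 dst=10.20.0.5 dport=9380
2022-12-16T01:07:00Z action=allow proto=tcp src=10.30.4.77 dst=10.20.0.5 dport=443
2022-12-16T01:09:31Z action=allow proto=tcp src=198.51.100.23 dst=10.20.0.5 dport=9380
malformed line without fields
"""
FIELD_RE = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    """Return (timestamp, fields) or None when required fields are missing."""
    parts = line.split(maxsplit=1)
    if len(parts) != 2:
        return None
    fields = dict(FIELD_RE.findall(parts[1]))
    if not {"action", "proto", "src", "dst", "dport"} <= fields.keys():
        return None
    return parts[0], fields

def unexpected_access(log_text, port=VEEAM_DIST_PORT, allowed=ALLOWED_SOURCES):
    """List allowed TCP connections to `port` from sources outside `allowed`."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip lines that do not match the assumed format
        ts, f = parsed
        if f["proto"] != "tcp" or f["action"] != "allow" or f["dport"] != str(port):
            continue
        try:
            src = ipaddress.ip_address(f["src"])
        except ValueError:
            continue  # unparseable source address
        if not any(src in net for net in allowed):
            findings.append((ts, f["src"], f["dst"]))
    return findings

if __name__ == "__main__":
    for ts, src, dst in unexpected_access(SAMPLE_LOG):
        print(f"{ts} unexpected source {src} reached {dst}:{VEEAM_DIST_PORT}")
```

Any finding identifies a network path to the service that should be closed or justified while the vendor update is being scheduled.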

What is the vulnerability?

Veeam Backup & Replication 9.5U3, 9.5U4, 10.x, and 11.x are subject to the following vulnerabilities:

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

The ACSC is aware the vulnerability may have been exploited in the wild. The ACSC is not aware of successful exploitation attempts against Australian organisations.

Recommendation

Due to known exploitation, the WA SOC recommends remediating these vulnerabilities within the next two weeks, as per vendor instructions: https://www.veeam.com/kb4288

Reference