logo

CVE-2022-26500 - Veeam Backup & Replication Remote Code Execution Vulnerability

CVE-2022-26500

Veeam | Backup & Replication

  • Date Added:
  • 2022-12-13
  • Due Date:
  • 2023-01-03
Vulnerability Name

Veeam Backup & Replication Remote Code Execution Vulnerability

Description

The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply updates per vendor instructions.

Additional Notes
https://www.veeam.com/kb4288; https://nvd.nist.gov/vuln/detail/CVE-2022-26500

Free security scan for your website