CVE-2022-26500 - Veeam Backup & Replication Remote Code Execution Vulnerability
Project:Veeam
Product:Backup & Replication
Date Added:2022-12-13Due Date:2023-01-03
Vulnerability Name
Veeam Backup & Replication Remote Code Execution Vulnerability
Description
The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply updates per vendor instructions.
Additional Notes
https://www.veeam.com/kb4288
https://nvd.nist.gov/vuln/detail/CVE-2022-26500