Project Hyphae

I’ve Got Your Back…..up!

Share This Post

CISA is alerting that Veeam versions 9.5, 10, and 11 contain 2 critical vulnerabilities that are actively being exploited in the wild. The two vulnerabilities, listed as CVE-2022-26500 and CVE-2022-26501, are both rated 9.8 on the CVSS scoring system and can be leveraged to gain control of a system. Veeam released advisories for these in March 2022 and has since released patches for both vulnerabilities, as long as you are on versions 10 or 11. If you are on version 9.5 the only fix is to upgrade to a supported version, then patch to version 10a or 11a.

The vulnerabilities are a result of the Veeam Distribution Service allowing unauthenticated users to access internal API functions. This would allow a remote attacker to send input to the service leading to uploading and executing malicious code.

As always, perform a threat-hunt to ensure that you’ve not been compromised, a patch does not fix a past compromise where an attacker left persistence mechanisms behind.

Link to CISA alert

Link to Veeam advisories including links to patches

More To Explore

Information Security News 1-23-2023

MailChimp Discloses New Breach After Employees Got Hacked Article Link: T-Mobile Suffers 8th Data Breach in Less Than 5 Years Article Link: Hackers

BianLian Ransomware Decryptor Made Public

BianLian, a Windows ransomware variant written in Go, the Google-created open source programming language, has been steadily increasing in popularity among threat actors since it

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.