Project Hyphae

I’ve Got Your Back…..up!

Share This Post

CISA is alerting that Veeam versions 9.5, 10, and 11 contain 2 critical vulnerabilities that are actively being exploited in the wild. The two vulnerabilities, listed as CVE-2022-26500 and CVE-2022-26501, are both rated 9.8 on the CVSS scoring system and can be leveraged to gain control of a system. Veeam released advisories for these in March 2022 and has since released patches for both vulnerabilities, as long as you are on versions 10 or 11. If you are on version 9.5 the only fix is to upgrade to a supported version, then patch to version 10a or 11a.

The vulnerabilities are a result of the Veeam Distribution Service allowing unauthenticated users to access internal API functions. This would allow a remote attacker to send input to the service leading to uploading and executing malicious code.

As always, perform a threat-hunt to ensure that you’ve not been compromised, a patch does not fix a past compromise where an attacker left persistence mechanisms behind.

Link to CISA alert

Link to Veeam advisories including links to patches

Reach out to our incident response team for help

More To Explore

Information Security News 2-26-2024

United Health Confirms Optum Hack Behind US Healthcare Billing Outage Article Link: Privacy Beats Ransomware as Top Insurance Concern for Some Article Link:

Information Security News 2-19-2024

U.S. Internet Leaked Years of Internal, Customer Emails Article Link: Prudential Files Voluntary Breach Notice With SEC Article Link: U.S. State Government Network

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.