All vulnerabilities
CVE-2022-26501 Known ransomware use
Veeam Backup & Replication Remote Code Execution Vulnerability
Veeam — Backup & Replication
- Added to KEV catalog
- 13 December 2022
- Federal remediation due date
- 3 January 2023
- Weakness classification (CWE)
- CWE-306
CISA Description
The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code.
Required action
Apply updates per vendor instructions.
Notes
https://www.veeam.com/kb4288; https://nvd.nist.gov/vuln/detail/CVE-2022-26501
More Veeam Vulnerabilities
Confirm Your Exposure
Is this vulnerability present in your environment?
CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.
Explore VAPT Services