Veeam Software is recognized as a global leader in data backup, replication, and disaster recovery solutions. Unfortunately for users of Veeam Backup & Replication software versions 9.5, 10, and 11 there has been proof of exploitation attacks.

What It Is

December 13th, the U.S Cybersecurity and Infrastructure Security Agency (CISA) added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog that impacts Veeam Backup & Replication software. Both critical flaws tracked as CVE-2022-26500 and CVE-2022-26501 rank as a 9.8 on the CVSS scoring system.

CISA cites that there is no evidence of active exploitation in the wild but patches are already available. The vulnerability allows unauthenticated users to access internal API functions. A remote attacker may send input to the internal API which may lead to the uploading and executing of malicious code.

Why This is Important

Although details on the exploitation attacks aren’t available yet, possible consequences could include ransomware, data theft, and DDoS.

Veeam noted the affected software is used by 70% of Fortune 2000 companies.

These events provide yet another opportunity for organizations small and large to understand the importance of upgrading to supported system versions as soon as they become available.

What Needs to Be Done

At CyberMaxx we urge the precautions that Veeam and CISA have issued.

Updating/patching the product is recommended. Veeam logs data to the Windows Event Viewer by default and can send that data to SIEMs – customers/users should ensure Veeam devices are logging into a SIEM for review of suspicious logins, processes, services, etc.