Veeam Backup & Replication Remote Code Execution Vulnerability – CVE-2022-26500 | CVE-2022-26501
December 28, 2022

Release Date – Dec 13, 2022
CVE Details – CVE-2022-26500 | CVE-2022-26501
Alert Severity – Critical
Affected Products – Veeam Backup & Replication | 9.5 | 10 | 11
Description –
The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API, which may lead to the upload and execution of malicious code.
Mitigation/Solution –
Apply the patches available from Veeam.
All new deployments of Veeam Backup & Replication versions 11a and 10a installed using the ISO images dated 20220302 or later are not vulnerable.