CISA recommends patching these two Veeam flaws, which a remote, unauthenticated attacker can exploit to execute arbitrary code

On Tuesday, CISA updated its catalog with five new vulnerabilities, including those that affect products made by Veeam, Fortinet, Microsoft, and Citrix.

The catalog has been expanded to include two additional vulnerabilities that affect Veeam’s Backup & Replication, a corporate backup product. The product is intended for use in cloud, virtual, physical, and network attached storage (NAS) environments to automate workload backups and discovery.

The vulnerabilities, tracked as CVE-2022-26500 and CVE-2022-26501, are rated ‘critical’ and can be exploited by a remote, unauthenticated attacker to execute arbitrary code. This can lead to the attacker gaining control of the targeted system.

The security weaknesses, which were found by researchers at Positive Technologies, were patched in March, along with two more code execution vulnerabilities tracked as CVE-2022-26503 and CVE-2022-26504.

CISA does not provide information on the attacks that exploit these vulnerabilities; however, a cybersecurity firm reported in October that it had seen multiple threat actors advertising a “fully weaponized tool for remote code execution” that exploited several vulnerabilities in Veeam Backup & Replication, CVE-2022-26500 and CVE-2022-26501 among them.

Veeam is aware of the ‘Veeamp’ malware, which shows that ransomware actors are targeting our software in an attempt to disrupt backups and steal passwords. Veeam is aware of this malware. These credentials are stored in our database by Veeam since we need them in order to access the infrastructure. The storage of passwords is done in an encrypted format, which prevents unwanted parties from accessing the data. Because the attacker in this scenario has to have direct access to the Veeam server in order to decrypt the passwords, it is safe to assume that the attacker already possesses elevated rights and has already penetrated the victim’s network.

This is another reminder for businesses and other organizations to review their own internal cybersecurity efforts to ensure that software and operating systems have all of the latest patches and updates installed, that identities are being managed in a secure manner, and that progress is being made toward the adoption of zero-trust technologies, such as encryption.
Products made by Veeam can be an enticing target for anyone with malevolent intent.