Home Security Veeam Backup and Replication Vulnerabilities Being Exploited in Assaults

Veeam Backup and Replication Vulnerabilities Being Exploited in Assaults

by crpt os


Dec 16, 2022Ravie LakshmananBackup & Recovery / Zero-Day

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities impacting Veeam Backup & Replication software to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation in the wild.

The now-patched critical flaws, tracked as CVE-2022-26500 and CVE-2022-26501, are both rated 9.8 on the CVSS scoring system, and could be leveraged to gain control of a target system.

“The Veeam Distribution Service (TCP 9380 by default) allows unauthenticated users to access internal API functions,” Veeam noted in an advisory published in March 2022. “A remote attacker may send input to the internal API which may lead to uploading and executing of malicious code.”

CyberSecurity

Both the issues that impact product versions 9.5, 10, and 11 have been addressed in versions 10a and 11a. Users of Veeam Backup & Replication 9.5 are advised to upgrade to a supported version.

Nikita Petrov, a security researcher at Russian cybersecurity firm Positive Technologies, has been credited with discovering and reporting the weaknesses.

“We believe that these vulnerabilities will be exploited in real attacks and will put many organizations at significant risk,” Petrov said on March 16, 2022. “That is why it is important to install updates as soon as possible or at least take measures to detect abnormal activity associated with these products.”

Details on the attacks exploiting these vulnerabilities are unknown as yet, but cybersecurity company CloudSEK disclosed in October that it observed multiple threat actors advertising a “fully weaponized tool for remote code execution” that abuse the two flaws.

Some of the possible consequences of successful exploitation are infection with ransomware, data theft, and denial of service, making it imperative that users apply the updates.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex