"Multiple RCE Vulnerabilities Discovered in Veeam Backup & Replication App"

Researchers at CloudSEK have discovered several critical and high-severity vulnerabilities in the Veeam Backup & Replication application that "can be exploited by advertising fully weaponized tools for remote code execution (RCE)." The researchers noted that several threat actors were seen advertising a fully weaponized RCE tool that exploits the following vulnerabilities in Veeam Backup & Replication: CVE-2022-26500 and CVE-2022-26501, each with a CVSS v3 score of 9.8, and CVE-2022-26504, with a CVSS v3 score of 8.8. According to the researchers, successful exploitation of these common vulnerabilities and exposures (CVEs) can lead to copying files within the boundaries of the locale or from a remote Server Message Block (SMB) network, RCE without authorization, or RCE/LPE (local privilege escalation) without authorization. From a technical standpoint, Veeam Backup & Replication is a proprietary backup app for virtual environments built on VMware vSphere, Nutanix AHV, and Microsoft Hyper-V hypervisors. The researchers also noted that the application not only backs up and recovers virtual machines (VMs) but can also be used to protect and restore individual files and applications for environments such as Exchange and SharePoint. As for attribution, the researchers said malware named 'Veeamp' was found in the wild and was used by the Monti and Yanluowang ransomware groups to dump credentials from an SQL database for Veeam backup management software. CloudSEK has disclosed the above vulnerabilities to Veeam, which has already released patches in version 11.0.1.1261 of its software.

 

Infosecurity reports: "Multiple RCE Vulnerabilities Discovered in Veeam Backup & Replication App"

Submitted by Anonymous on