"CISA Warns Veeam Backup & Replication Vulnerabilities Exploited in Attacks"
The US Cybersecurity and Infrastructure Security Agency (CISA) has recently added two flaws affecting Veeam's Backup & Replication product to its Known Exploited Vulnerabilities Catalog. CISA added five flaws to its catalog on Tuesday, including flaws affecting Veeam, Fortinet, Microsoft, and Citrix products. Veeam's Backup & Replication product is designed for automating workload backups and discovery across cloud, virtual, physical, and NAS environments. CISA noted that the vulnerabilities, tracked as CVE-2022-26500 and CVE-2022-26501, have been rated "critical" and can be exploited by a remote, unauthenticated attacker for arbitrary code execution, which can lead to the attacker taking control of the targeted system. The security vulnerabilities were patched back in March. Veeam products can be a tempting target for malicious actors. The vendor says the impacted product is used by 70% of Fortune 2000 companies, including major firms such as Volkswagen, Siemens, Deloitte, Shell, Fujitsu, Airbus, and Puma. Companies are urged to patch the product as soon as possible.
SecurityWeek reports: "CISA Warns Veeam Backup & Replication Vulnerabilities Exploited in Attacks"