CVE-2022-26504: KB4290: CVE-2022-26504

Improper authentication in the Veeam Backup & Replication 9.5U3, 9.5U4, 10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers to execute arbitrary code via Veeam.Backup.PSManager.exe.

Challenge

A vulnerability (CVE-2022-26504) in the Veeam Backup & Replication component used for Microsoft System Center Virtual Machine Manager (SCVMM) integration allows domain users to execute malicious code remotely. This may lead to gaining control over the target system.

Severity: High
CVSS v3 score: 8.8

Cause

The vulnerable process Veeam.Backup.PSManager.exe (TCP 8732 by default) allows authentication using non-administrative domain credentials. A remote attacker may use the vulnerable component to execute arbitrary code.

NOTE: The default Veeam Backup & Replication installation is not vulnerable to this issue. Only Veeam Backup & Replication installations with an SCVMM server registered are vulnerable.

Solution

Patches are available for the following Veeam Backup & Replication versions:

  • 11a (build 11.0.1.1261 P20220302)
  • 10a (build 10.0.1.4854 P20220304)

Notes:

  • The patch must be installed on the Veeam Backup & Replication server.
  • All new deployments of Veeam Backup & Replication versions 11 and 10 installed using the ISO images dated 20220302 or later are not vulnerable.
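
To triage a fleet against the fixed builds listed above, the following added example (not part of the Veeam KB) classifies servers from a reported build string and an SCVMM-registration flag. The inventory format, host names, status labels and the rule that a later build or patch date also carries the fix are assumptions made for this example.

```python
import re

# Fixed builds from the advisory: major version -> (build tuple, patch date).
FIXED = {
    11: ((11, 0, 1, 1261), "20220302"),
    10: ((10, 0, 1, 4854), "20220304"),
}
# Matches "11.0.1.1261 P20220302"; the P<date> patch suffix is optional.
BUILD_RE = re.compile(r"^\s*(\d+(?:\.\d+){3})(?:\s+P(\d{8}))?\s*$")


def triage(build_string, scvmm_registered):
    """Classify one server against CVE-2022-26504 from its reported build."""
    m = BUILD_RE.match(build_string)
    if not m:
        return "UNKNOWN"          # unparsable input: check the server by hand
    if not scvmm_registered:
        return "NOT_EXPOSED"      # advisory: only SCVMM-registered installs
    build = tuple(int(part) for part in m.group(1).split("."))
    patch = m.group(2) or ""      # a missing suffix sorts before any date
    if build[0] not in FIXED:
        # The advisory names 9.5U3/9.5U4 as affected but lists no patch for
        # them; any 9.5 build is flagged conservatively for manual review.
        return "NO_PATCH_LISTED" if build[:2] == (9, 5) else "NOT_LISTED"
    # Assumption: a higher build, or the same build with a later patch date,
    # also carries the fix.
    return "PATCHED" if (build, patch) >= FIXED[build[0]] else "VULNERABLE"


# Constructed inventory: (host, reported build, SCVMM server registered?)
INVENTORY = [
    ("vbr-01", "11.0.1.1261 P20220302", True),
    ("vbr-02", "11.0.1.1261", True),
    ("vbr-03", "10.0.1.4854 P20201202", True),
    ("vbr-04", "10.0.1.4854", False),
    ("vbr-05", "9.5.4.2866", True),
]


def report(inventory):
    """Return {host: status} for every inventory row."""
    return {host: triage(build, scvmm) for host, build, scvmm in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:8} {status}")
```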
