PT-2022-17907 · Veeam+1 · Veeam Backup & Replication+1
Published
2022-03-17
·
Updated
2024-05-09
·
CVE-2022-26504
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Veeam Backup & Replication versions 9.5U3 through 11.x
Description
The issue is related to improper authentication in the component used for Microsoft System Center Virtual Machine Manager (SCVMM), allowing attackers to execute arbitrary code via Veeam.Backup.PSManager.exe.
Recommendations
For versions 9.5U3 and 9.5U4, update to a version that includes the fix for this issue.
For versions 10.x, update to a version that includes the fix for this issue.
For version 11.x, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to Veeam.Backup.PSManager.exe until a patch is available.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
System Center Virtual Machine Manager
Veeam Backup & Replication