Veeam released patches for Veeam Backup & Replication on March 12, 2022. Multiple vulnerabilities (CVE-2022-26500, CVE-2022-26501) in Veeam Backup & Replication allow executing malicious code remotely without authentication. This may lead to gaining control over the target system.
Patches are available for the following Veeam Backup & Replication versions:
Notes:
- The patch must be installed on the Veeam Backup & Replication server. Managed servers with Veeam Distribution Service will be updated automatically after installing the patch.
- All new deployments of Veeam Backup & Replication version 11 and 10 installed using the ISO images dated 20220302 or later are not vulnerable.
- If you are using Veeam Backup & Replication 9.5, please upgrade to a supported product version.
- Temporary mitigation of the vulnerabilities: Stop and disable the Veeam Distribution Service. The Veeam Distribution Service is installed on the Veeam Backup & Replication server and servers specified as distribution servers in Protection Groups.
From <https://www.veeam.com/kb4288>
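The temporary mitigation and the fixed build numbers given on this page, as an added PowerShell example (not from the original post and not Veeam's own tooling). The function names and server names are hypothetical, the service is found by the display name used above, and remote use assumes PowerShell remoting is enabled on the target servers.

```powershell
# Added example. Fixed builds are the ones listed on this page, keyed by major version.
$FixedBuilds = @{
    11 = @{ Version = [version]'11.0.1.1261'; Patch = 20220302 }
    10 = @{ Version = [version]'10.0.1.4854'; Patch = 20220304 }
}

function Get-VbrPatchStatus {
    # $Build: the string shown under Help | About, e.g. '11.0.1.1261 P20220302'.
    param([Parameter(Mandatory)][string]$Build)
    if ($Build -notmatch '^\s*(\d+(?:\.\d+){3})(?:\s+P(\d{8}))?\s*$') {
        throw "Unrecognised build string: '$Build'"
    }
    $version = [version]$Matches[1]
    $patch   = if ($Matches[2]) { [int]$Matches[2] } else { 0 }
    if ($version.Major -lt 10) { return 'Unsupported' }   # 9.5: upgrade, no patch
    $fixed = $FixedBuilds[$version.Major]
    if (-not $fixed) { return 'NotCovered' }              # release not listed on this page
    if ($version -lt $fixed.Version) { return 'Unpatched' }
    # Assumption: a later build or patch level of the same release keeps the fix.
    if ($version -gt $fixed.Version -or $patch -ge $fixed.Patch) { return 'Patched' }
    return 'Unpatched'
}

function Disable-VeeamDistributionService {
    # Temporary mitigation: stop and disable the service on each listed server,
    # then report the resulting state so the change can be verified.
    param([Parameter(Mandatory)][string[]]$ComputerName)
    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        $svc = Get-Service -DisplayName 'Veeam Distribution Service' -ErrorAction SilentlyContinue
        if (-not $svc) {
            return [pscustomobject]@{ Server = $env:COMPUTERNAME; Status = 'NotInstalled'; StartType = $null }
        }
        Stop-Service -InputObject $svc -Force
        Set-Service -Name $svc.Name -StartupType Disabled
        $now = Get-Service -Name $svc.Name
        [pscustomobject]@{
            Server    = $env:COMPUTERNAME
            Status    = [string]$now.Status      # expected: Stopped
            StartType = [string]$now.StartType   # expected: Disabled
        }
    }
}

# Constructed sample input (build strings and server names are illustrative):
# Get-VbrPatchStatus '11.0.1.1261'            -> Unpatched
# Get-VbrPatchStatus '11.0.1.1261 P20220302'  -> Patched
# Get-VbrPatchStatus '9.5.4.2866'             -> Unsupported
# Disable-VeeamDistributionService -ComputerName 'vbr01', 'dist01'
```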
Before installing this Cumulative Patch using the Patch Installer, please confirm that you are running Veeam Backup & Replication 11a (build 11.0.1.1261) with or without earlier patches. You can check the build number under Help | About in the backup console. After the upgrade, your build number will be 11.0.1.1261 P20220302.
If you are running any Veeam Backup & Replication version between 9.5 U4b (9.5.4.2866) and 11 (11.0.0.837 P20210525), you must use the ISO below to upgrade to version 11a P20220302.
1. Download the patch installer.
   - 11a (build 11.0.1.1261 P20220302)
   - 10a (build 10.0.1.4854 P20220304)
2. Disable all jobs.
3. Run VeeamBackup&Replication_11.0.1.1261_20220302.exe.
4. On the User Account Control page, click Yes.
5. On the Welcome page, click Next.
6. A warning message may pop up if you didn't disable the jobs or close the user interface.
7. On the Ready to Install page, click Install.
8. On the installed successfully page, click Finish.
9. Open the Veeam Backup & Replication management console and click Connect.
10. On the Component Update Servers page, select all and click Apply.
11. On the Update page, click Finish.
12. Verify the version; it will be 11.0.1.1261 P20220302.
13. Unselect Disable to re-enable all jobs.
Cary Sun
Twitter: @SifuSun
Web Site: carysun.com
Blog Site: checkyourlogs.net
Blog Site: gooddealmart.com