virus logo Intrusion Prevention

Veeam.Backup.and.Replication.Authentication.Bypass

description-logoDescription

This indicates an attack attempt to exploit an Authentication Bypass Vulnerability in Veeam Backup and Replication.
The vulnerability is due to lack of authorization when accessing an internal API service. A remote, unauthenticated attacker could exploit this vulnerability by authenticating to the target service with an NTLM anonymous session. Successful exploitation could lead to remote code execution on the target server.

affected-products-logoAffected Products

Veeam Backup and Replication 10a prior to 10.0.1.4854 P20220304
Veeam Backup and Replication 11a prior to 11.0.1.1261 P20220302
Veeam Backup and Replication 9.5U3
Veeam Backup and Replication 9.5U4

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.veeam.com/kb4288

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2022-05-18 20.318 Default_action:pass:drop
2022-05-09 20.311
ID 51502
Created Apr 28, 2022
Updated May 17, 2022
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
CVE ID CVE-2022-26501
Known Exploited Yes
Exploit Prediction Score 2.2%
Default Action drop
Active
Affected OS Windows
Affected App Other