Veeam released patches for Veeam Backup & Replication on March 12, 2022. Multiple vulnerabilities (CVE-2022-26500, CVE-2022-26501) in Veeam Backup & Replication allow executing malicious code remotely without authentication. This may lead to gaining control over the target system.
Patches are available for the following Veeam Backup & Replication versions:
Notes:
- The patch must be installed on the Veeam Backup & Replication server. Managed servers with Veeam Distribution Service will be updated automatically after installing the patch.
- All new deployments of Veeam Backup & Replication version 11 and 10 installed using the ISO images dated 20220302 or later are not vulnerable.
- If you are using Veeam Backup & Replication 9.5, please upgrade to a supported product version.
- Temporary mitigation of the vulnerabilities: Stop and disable the Veeam Distribution Service. The Veeam Distribution Service is installed on the Veeam Backup & Replication server and servers specified as distribution servers in Protection Groups.
From <https://www.veeam.com/kb4288>
Before installing this Cumulative Patch using the Patch Installer, please confirm that you are running Veeam Backup & Replication 11a (build 11.0.1.1261) with or without earlier patches. You can check the build number under Help | About in the backup console. After the upgrade, your build number will be 11.0.1.1261 P20220302.
If you are running any Veeam Backup & Replication version between 9.5 U4b (9.5.4.2866) and 11 (11.0.0.837 P20210525), you must use the ISO below to upgrade to version 11a P20220302.
1.Download patch installer.
11a (build 11.0.1.1261 P20220302)
10a (build 10.0.1.4854 P20220304)
2.Dsiable all jobs.
3.Run VeeamBackup&Replication_11.0.1.1261_20220302.exe.
4.On the User Account Control page, click Yes.
5.On the Welcome page, click Next.
6.It may pop up warning message if you didn’t disable jobs or close the user interface.
7.On the Ready to Install page, click Install.
8.On the installed successfully page, click Finish.
9.Open Veeam Backup & Replication management console, click Connect.
10.On the Component Update Servers page, select all and click Apply.
11.On the Update page, click Finish.
12.Verify version, it will be 11.0.1.1261 P20220302.
13.Unselect disable to enable all jobs.
Cary Sun
Twitter: @SifuSun
Web Site: carysun.com
Blog Site: checkyourlogs.net
Blog Site: gooddealmart.com
Author: Cary Sun
Cary Sun has a wealth of knowledge and expertise in data center and deployment solutions. As a Principal Consultant, he likely works closely with clients to help them design, implement, and manage their data center infrastructure and deployment strategies.
With his background in data center solutions, Cary Sun may have experience in server and storage virtualization, network design and optimization, backup and disaster recovery planning, and security and compliance management. He holds CISCO CERTIFIED INTERNETWORK EXPERT (CCIE No.4531) from 1999. Cary is also a Microsoft Most Valuable Professional (MVP), Microsoft Azure MVP, Veeam Vanguard and Cisco Champion. He is a published author with several titles, including blogs on Checkyourlogs.net, and the author of many books.
Cary is a very active blogger at checkyourlogs.net and is permanently available online for questions from the community. His passion for technology is contagious, improving everyone around him at what they do.
Blog site: https://www.checkyourlogs.net
Web site: https://carysun.com
Blog site: https://gooddealmart.com
Twitter: @SifuSun
in: https://www.linkedin.com/in/sifusun/
Amazon Author: https://Amazon.com/author/carysun