Veeam released patches for Veeam Backup & Replication on March 12, 2022. Multiple vulnerabilities (CVE-2022-26500, CVE-2022-26501) in Veeam Backup & Replication allow executing malicious code remotely without authentication. This may lead to gaining control over the target system.
Patches are available for the following Veeam Backup & Replication versions:
- The patch must be installed on the Veeam Backup & Replication server. Managed servers with Veeam Distribution Service will be updated automatically after installing the patch.
- All new deployments of Veeam Backup & Replication version 11 and 10 installed using the ISO images dated 20220302 or later are not vulnerable.
- If you are using Veeam Backup & Replication 9.5, please upgrade to a supported product version.
- Temporary mitigation of the vulnerabilities: Stop and disable the Veeam Distribution Service. The Veeam Distribution Service is installed on the Veeam Backup & Replication server and servers specified as distribution servers in Protection Groups.
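The temporary mitigation above can be applied with PowerShell. This is an added example, not code from the original post or from Veeam. The `$Servers` list is an assumption to be replaced with your backup server and distribution servers. The service is looked up by the display name used in the text, and remote hosts are assumed to have PowerShell remoting enabled.

```powershell
# Added example: stop and disable the Veeam Distribution Service on each listed server.
# $Servers is an assumed parameter: pass the backup server and any distribution servers.
param(
    [string[]]$Servers = @('localhost')
)

$displayName = 'Veeam Distribution Service'   # display name as written in the advisory text

$mitigate = {
    param($Name)
    # Look the service up by display name so the short service name is not hard-coded.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "DisplayName='$Name'"
    if (-not $svc) {
        return [pscustomobject]@{
            Server = $env:COMPUTERNAME; Found = $false
            PreviousStartMode = $null; State = $null; StartMode = $null
        }
    }
    $previous = $svc.StartMode              # keep the original start mode for later reference
    if ($svc.State -ne 'Stopped') {
        Stop-Service -Name $svc.Name -Force -ErrorAction Stop
    }
    Set-Service -Name $svc.Name -StartupType Disabled -ErrorAction Stop

    # Re-query so the report shows the state actually reached, not the state requested.
    $after = Get-CimInstance -ClassName Win32_Service -Filter "Name='$($svc.Name)'"
    [pscustomobject]@{
        Server = $env:COMPUTERNAME; Found = $true
        PreviousStartMode = $previous; State = $after.State; StartMode = $after.StartMode
    }
}

$results = foreach ($server in $Servers) {
    try {
        if ($server -in @('localhost', '.', $env:COMPUTERNAME)) {
            & $mitigate $displayName
        } else {
            Invoke-Command -ComputerName $server -ScriptBlock $mitigate `
                -ArgumentList $displayName -ErrorAction Stop
        }
    } catch {
        # A host that could not be reached or changed is still exposed, so make it visible.
        Write-Warning "$server : $($_.Exception.Message)"
    }
}
$results | Format-Table Server, Found, PreviousStartMode, State, StartMode -AutoSize
```

A server is mitigated only when its row shows `State` as `Stopped` and `StartMode` as `Disabled`. Any server that produced a warning instead of a row needs to be checked by hand.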
Before installing this Cumulative Patch using the Patch Installer, please confirm that you are running Veeam Backup & Replication 11a (build 184.108.40.2061) with or without earlier patches. You can check the build number under Help | About in the backup console. After the upgrade, your build number will be 220.127.116.111 P20220302.
If you are running any Veeam Backup & Replication version between 9.5 U4b (18.104.22.16866) and 11 (22.214.171.1247 P20210525), you must use the ISO below to upgrade to version 11a P20220302.
1. Download the patch installer.
2. Disable all jobs.
4. On the User Account Control page, click Yes.
5. On the Welcome page, click Next.
6. A warning message may pop up if you didn't disable jobs or close the user interface.
7. On the Ready to Install page, click Install.
8. On the installed successfully page, click Finish.
9. Open the Veeam Backup & Replication management console and click Connect.
10. On the Component Update Servers page, select all and click Apply.
11. On the Update page, click Finish.
12. Verify the version; it will be 126.96.36.1991 P20220302.
13. Unselect Disable to re-enable all jobs.
Author: Cary Sun