Two vulnerabilities affecting Veeam’s Backup & Replication product have been added to the US Cybersecurity and Infrastructure Security Agency’s (CISA) list of known exploited vulnerabilities.
On Tuesday, CISA added five vulnerabilities to its database, including ones that affect products from Veeam, Fortinet, Microsoft, and Citrix. The list now includes two security flaws affecting Veeam’s Backup & Replication enterprise backup solution. The product is intended for use in cloud, virtual, physical, and NAS environments to automate workload backups and discovery.
The flaws, identified as CVE-2022-26500 and CVE-2022-26501, have been given the severity rating of “critical,” and a remote, unauthenticated attacker may use them to execute arbitrary code on the targeted system.