CISA Warns of Vulnerabilities in Veeam Backup & Replication Used in Attacks


Two vulnerabilities affecting Veeam’s Backup & Replication product have been added to the US Cybersecurity and Infrastructure Security Agency’s (CISA) list of known exploited vulnerabilities.

On Tuesday, CISA added five vulnerabilities to its database, including ones that affect products from Veeam, Fortinet, Microsoft, and Citrix. The list now includes two security flaws affecting Veeam’s Backup & Replication enterprise backup solution. The product is intended for use in cloud, virtual, physical, and NAS environments to automate workload backups and discovery.

Also Read: Reasons Why Cybersecurity Compliance is Vital for Businesses

The flaws, identified as CVE-2022-26500 and CVE-2022-26501, have been given the severity rating of “critical,” and a remote, unauthenticated attacker may use them to execute arbitrary code on the targeted system.

Read More: CISA Warns Veeam Backup & Replication Vulnerabilities Exploited in Attacks