What Happened?
Two critical vulnerabilities (CVE-2022-26500 and CVE-2022-26501) were discovered in Veeam Backup and Replication that allow potential adversaries to remotely execute code without authentication.
Another vulnerability, CVE-2022-26503, was discovered in Veeam Agent for Microsoft Windows that allows for local privilege escalation (LPE).
Positive Technologies, a cybersecurity company based in South Korea, uncovered all three flaws.
How Bad is This?
Both remote code execution (RCE) vulnerabilities (CVE-2022-26500 and CVE-2022-26501) were issued a 9.8 rating on the CVSS scale; in other words, critical severity. RCE is one of the most dangerous types of flaws. Combined with the fact that no authentication is needed, this makes for a ripe attack vector for ransomware groups and other cybercriminals.
The LPE flaw found in Veeam Agent for Microsoft Windows is less critical, with a 7.8 CVSS rating, but it is still considered high severity.
Ransomware groups might show an interest in this CVE. https://t.co/ilEQ4dHsXn
— Kevin Beaumont (@GossiTheDog) March 13, 2022
Veeam Backup and Replication is a recovery solution for cloud, physical and virtual workloads. Veeam is common within SMB and MSP environments, and has high confidentiality access by design.
The good news is that no exploits are publicly available yet, according to a Kevin Beaumont (@GossiTheDog) tweet. However, it’s likely a matter of time until exploits are released.
What Should I Do?
Fortunately, there are patches available that resolve the issues; immediately patch to mitigate your risk.
If you’re unable to patch, Veeam has offered instructions on how to temporarily mitigate the risk:
“Stop and disable the Veeam Distribution Service. The Veeam Distribution Service is installed on the Veeam Backup & Replication server and servers specified as distribution servers in Protection Groups.”
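One way to apply that temporary mitigation across the backup server and any distribution servers, as an added example that is not from Veeam or the original post. It assumes PowerShell remoting (WinRM) is enabled on the targets and looks the service up by the display name quoted above; the host names are placeholders.

```powershell
# Added example: stop and disable the Veeam Distribution Service on each server.
# Host names are placeholders (assumption); list your Veeam Backup & Replication
# server and every server used as a distribution server in Protection Groups.
$servers     = @('VBR-SERVER-PLACEHOLDER', 'DIST-SERVER-PLACEHOLDER')
$displayName = 'Veeam Distribution Service'   # display name as given in the guidance

$results = Invoke-Command -ComputerName $servers -ArgumentList $displayName -ScriptBlock {
    param($name)

    # Resolve by display name so no internal service name has to be assumed.
    $svc = Get-Service -DisplayName $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        # Service not installed on this host: report it rather than fail.
        return [pscustomobject]@{ Found = $false; Status = $null; StartType = $null }
    }

    if ($svc.Status -ne 'Stopped') {
        Stop-Service -InputObject $svc -Force -ErrorAction Stop
    }
    # Disabling prevents the service from starting again after a reboot.
    Set-Service -Name $svc.Name -StartupType Disabled -ErrorAction Stop

    # Re-read the service so the report reflects the state after the change.
    $svc = Get-Service -Name $svc.Name
    [pscustomobject]@{
        Found     = $true
        Status    = "$($svc.Status)"
        StartType = "$($svc.StartType)"
    }
}

# Every host that has the service should show Stopped / Disabled.
$results | Sort-Object PSComputerName |
    Format-Table PSComputerName, Found, Status, StartType -AutoSize
```

Because this is a temporary measure, record each host's original startup type before running it so the service can be restored once the patch is installed.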
Mike Toole
Mike Toole, Head of Security and IT at Blumira, has over a decade of experience in IT. Prior to joining Blumira, he managed IT for Duo Security and Censys. He has broad experience with a range of IT and security focus areas, including compliance, network design, log monitoring, project management, and cross-platform...