CVE-2022-26504

HIGH EXPLOITED RANSOMWARE

Veeam Backup & Replication <11.x - RCE

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2022-26504 has been observed exploited in the wild (reported by VulnCheck KEV), including in ransomware campaigns.

Description

Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers execute arbitrary code via Veeam.Backup.PSManager.exe

References (2)

Core 2
Core References
Vendor Advisory x_refsource_misc
https://veeam.com
Vendor Advisory x_refsource_misc
https://www.veeam.com/kb4290

Scores

CVSS v3 8.8
EPSS 0.0247
EPSS Percentile 82.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2022-10-24
Ransomware Use Confirmed
CWE
CWE-287
Status published
Products (5)
veeam/veeam_backup_\&_replication 9.5.0.1536
veeam/veeam_backup_\&_replication 9.5.4.2615
veeam/veeam_backup_\&_replication 10.0.1.4854 (4 CPE variants)
veeam/veeam_backup_\&_replication 11.0.1.1261 (4 CPE variants)
veeam/veeam_backup_\&_replication 10.0.0.4442 - 10.0.1.4854
Published Mar 17, 2022
Tracked Since Feb 18, 2026