CVE-2022-26504
Published 2022-03-17
CVE-2022-26504: Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM)…
Priority: P1 (84) · Severity: high · CVSS 3.1 base score 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Tags: ITW · VulnCheck KEV · Ransomware
Exploited in the wild
EPSS: 2.47% (82.5th percentile)
Improper authentication in the Veeam Backup & Replication 9.5U3, 9.5U4, 10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers to execute arbitrary code via Veeam.Backup.PSManager.exe.
Affected (6 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| veeam | veeam_backup_replication | — | — |
| veeam | veeam_backup_replication | — | — |
| veeam | veeam_backup_replication | — | — |
| veeam | veeam_backup_replication | — | — |
| veeam | veeam_backup_replication | >= 10.0.0.4442 < 10.0.1.4854 | 10.0.1.4854 |
| veeam | veeam_backup_replication | >= 11.0.0.825 < 11.0.1.1261 | 11.0.1.1261 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| vulncheck | — | 8.8 | HIGH | — |
GHSA
GHSA-cv53-q2q6-5cq9: Improper authentication in Veeam Backup & Replication 9
ghsa_unreviewed · 2022-03-18
CVE-2022-26504 · Severity: HIGH · CWE-287
VulnCheck
Veeam veeam_backup_&_replication Improper Authentication
vulncheck · 2022 · CVSS 8.8 [HIGH]
Affected: Veeam veeam_backup_&_replication
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Known Ransomware Campaign Use: Known
Exploitation References: https://cloudsek.com/threatintelligence/multiple-rce-vulnerabilities-affecting-veeam-backup-replication/; https://securelist.com/cuba-ransomware/110533/; https://4502402.fs1.hubspotusercontent-na1.net/hubfs/4502402/Ransomware%202023%20Year%20in%20R
No detection rules found.
No public exploits indexed.
Securelist
From Caribbean shores to your devices: analyzing Cuba ransomware
blogs_securelist·2023-09-11
Table of Contents
- Introduction
- Cuba ransomware gang
- Victimology
- Ransomware
- Cuba extortion model
- Arsenal
- Profits
- Investigation of a Cuba-related incident and analysis of the malware
  - Host: SRV_STORAGE
  - Bughatch
  - SRV_Service host
  - Veeamp
  - Avast Anti-Rootkit driver
  - Burntcigar
  - SRV_MAIL host (Exchange server)
  - SqlDbAdmin
  - Cobalt Strike
- New malware
- BYOVD (Bring Your Own Vulnerable Driver)
- Conclusion
- Appendix
Authors
- Alexander Kirichenko
- Gleb Ivanov
## Introduction
Knowledge is our best weapon in the fight against cybercrime. An understanding of how various gangs operate and what tools they use helps build competent defenses and investigate incidents. This report takes a close look at the history of the Cuba group, and their attack tactics, techniques and procedures. We hope th
Securelist
Analysis of Cuba ransomware gang activity and tooling
blogs_securelist·2023-09-11
Table of Contents
- Introduction
- Cuba ransomware gang
- Victimology
- Ransomware
- Cuba extortion model
- Arsenal
- Profits
- Investigation of a Cuba-related incident and analysis of the malware
- New malware
- BYOVD (Bring Your Own Vulnerable Driver)
- Conclusion
- Appendix
Authors
- Alexander Kirichenko
- Gleb Ivanov
## Introduction
Knowledge is our best weapon in the fight against cybercrime. An understanding of how various gangs operate and what tools they use helps build competent defenses and investigate incidents. This report takes a close look at the history of the Cuba group, and their attack tactics, techniques and procedures. We hope this article will help you to stay one step ahead of threats like this one.
## Cuba ransomware gang
Cuba data leak site
The group’s offe