| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2022-26500 | Veeam Backup & Replication Remote Code Execution Vulnerability | secondary_impact | T1048 | Exfiltration Over Alternative Protocol |
Comments
This vulnerability is exploited by a remote, authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code.
This vulnerability has been exploited by threat actors associated with AvosLocker ransomware, as identified by Kroll analysts. These actors have developed new tactics targeting backup systems, specifically leveraging vulnerabilities in Veeam Backup and Replication software (CVE-2022-26500 and CVE-2022-26501) to potentially exfiltrate data while evading detection.
References
|
| CVE-2022-26500 | Veeam Backup & Replication Remote Code Execution Vulnerability | secondary_impact | T1036 | Masquerading |
Comments
This vulnerability is exploited by a remote, authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code.
This vulnerability has been exploited by threat actors associated with AvosLocker ransomware, as identified by Kroll analysts. These actors have developed new tactics targeting backup systems, specifically leveraging vulnerabilities in Veeam Backup and Replication software (CVE-2022-26500 and CVE-2022-26501) to potentially exfiltrate data while evading detection.
References
|
| CVE-2022-26500 | Veeam Backup & Replication Remote Code Execution Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
This vulnerability is exploited by a remote, authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code.
This vulnerability has been exploited by threat actors associated with AvosLocker ransomware, as identified by Kroll analysts. These actors have developed new tactics targeting backup systems, specifically leveraging vulnerabilities in Veeam Backup and Replication software (CVE-2022-26500 and CVE-2022-26501) to potentially exfiltrate data while evading detection.
References
|
| CVE-2022-26500 | Veeam Backup & Replication Remote Code Execution Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application |
Comments
This vulnerability is exploited by a remote, authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code.
This vulnerability has been exploited by threat actors associated with AvosLocker ransomware, as identified by Kroll analysts. These actors have developed new tactics targeting backup systems, specifically leveraging vulnerabilities in Veeam Backup and Replication software (CVE-2022-26500 and CVE-2022-26501) to potentially exfiltrate data while evading detection.
References
|
| CVE-2022-26500 | Veeam Backup & Replication Remote Code Execution Vulnerability | exploitation_technique | T1078 | Valid Accounts |
Comments
This vulnerability is exploited by a remote, authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code.
This vulnerability has been exploited by threat actors associated with AvosLocker ransomware, as identified by Kroll analysts. These actors have developed new tactics targeting backup systems, specifically leveraging vulnerabilities in Veeam Backup and Replication software (CVE-2022-26500 and CVE-2022-26501) to potentially exfiltrate data while evading detection.
References
|