【資安漏洞預警】Veeam備份軟體存在多個重大資安漏洞

【行政公告】

公告單位	圖資處數位服務組
訊息類別	行政公告行政公告	公告對象	全體
公告主題	【資安漏洞預警】Veeam備份軟體存在多個重大資安漏洞 [Security Vulnerability Alert] Veeam backup software contains multiple critical cybersecurity vulnerabilities.
公告內容	轉發台灣電腦網路危機處理暨協調中心資安訊息警訊 TWCERTCC-200-202603-00000015 [內容說明] Veeam Backup and Replication是Veeam核心備份軟體，近日Veeam發布重大資安漏洞公告。【CVE-2026-21666，CVSS：9.9】允許經過驗證的網域使用者在備份伺服器上遠端執行程式碼。【CVE-2026-21667，CVSS：9.9】允許經過驗證的網域使用者在備份伺服器上遠端執行程式碼。【CVE-2026-21668，CVSS：8.8】允許經過身分驗證的網域使用者繞過限制，並操縱備份儲存庫中的任意檔案。【CVE-2026-21672，CVSS：8.8】基於Windows的Veeam Backup and Replication 伺服器，存在本機權限提升漏洞。【CVE-2026-21708，CVSS：9.9】允許備份檢視器以使用者身分遠端執行程式碼。【CVE-2026-21669，CVSS：9.9】允許經過驗證的網域使用者在備份伺服器上遠端執行程式碼。【CVE-2026-21671，CVSS：9.1】允許具有備份管理員角色的已認證使用者在 Veeam Backup and Replication 的高可用性 (HA) 部署中遠端執行程式碼。 [影響平台] Veeam Backup and Replication 12.3.2.4165 (含)之前版本 Veeam Backup and Replication 13.0.1.1071 (含)之前版本 [建議措施] 請更新至以下版本： Veeam Backup and Replication 12.3.2.4465版本、 Veeam Backup and Replication 13.0.1.2067版本 [參考資料] 1. https://www.twcert.org.tw/tw/cp-169-10783-d40f5-1.html Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Warning TWCERTCC-200-202603-00000015 [Content Description] Veeam Backup and Replication is the core backup software of Veeam. Veeam recently released a major cybersecurity vulnerability announcement. 【CVE-2026-21666, CVSS: 9.9】Allows an authenticated domain user to remotely execute code on the backup server. 【CVE-2026-21667, CVSS: 9.9】Allows an authenticated domain user to remotely execute code on the backup server. 【CVE-2026-21668, CVSS: 8.8】Allows an authenticated domain user to bypass restrictions and manipulate arbitrary files in the backup repository. 【CVE-2026-21672, CVSS: 8.8】A native privilege escalation vulnerability exists in the Windows-based Veeam Backup and Replication server. 【CVE-2026-21708, CVSS: 9.9】Allows a backup viewer to remotely execute code as a user. 【CVE-2026-21669, CVSS: 9.9】Allows an authenticated domain user to remotely execute code on the backup server. 【CVE-2026-21671, CVSS: 9.1】Allows an authenticated user with the backup administrator role to remotely execute code in a Veeam Backup and Replication high availability (HA) deployment. [Affected Platforms] Veeam Backup and Replication versions 12.3.2.4165 and earlier Veeam Backup and Replication versions 13.0.1.1071 and earlier [Recommended Actions] Please update to the following versions: Veeam Backup and Replication 12.3.2.4465, Veeam Backup and Replication 13.0.1.2067 [References] 1. https://www.twcert.org.tw/tw/cp-169-10783-d40f5-1.html
相關訊息	參考資料
公告時間	2026/3/17 至 2026/9/17	點閱次數	298