Veeam Backup & Replication admins, get patching! (CVE-2023-27532)
2023-03-10 05:45

Veeam Software has patched CVE-2023-27532, a high-severity security hole in its widely-used Veeam Backup & Replication solution, and is urging customers to implement the fix as soon as possible.

The nature of CVE-2023-27532 has not been explained - Veeam only says that "The vulnerable process, Veeam.Backup.Service.exe, allows an unauthenticated user to request encrypted credentials."

Obtaining encrypted credentials might ultimately allow attackers to gain access to the backup infrastructure hosts, the company noted.

The email sent by the company to users notifying them of the flaw and the need to patch also did not offer much insight, but noted that "If you use an all-in-one Veeam appliance with no remote backup infrastructure components, you can also block external connections to port TCP 9401 in the backup server firewall as a temporary remediation until the patch is installed."
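
The temporary remediation quoted above, as an added example that is not code from Veeam or from the original article. It assumes an all-in-one Windows backup server with no remote backup infrastructure components, an elevated PowerShell session, and a rule name chosen here for illustration.

```powershell
# Added example (not Veeam's code). Run elevated on the backup server.
# Assumption: all-in-one deployment, so no remote component needs TCP 9401.
$Port     = 9401
$RuleName = 'TEMP Block inbound TCP 9401 (CVE-2023-27532)'   # hypothetical rule name

# 1. Record what is listening on the port before changing anything.
$listeners = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
if (-not $listeners) {
    Write-Warning "Nothing is listening on TCP $Port on this host."
} else {
    $listeners | Select-Object -Property LocalAddress, OwningProcess -Unique | ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        'Listener {0} port {1}, PID {2} ({3})' -f $_.LocalAddress, $Port, $_.OwningProcess, $proc.ProcessName
    }
}

# 2. Create the block rule once (safe to re-run).
#    In Windows Firewall an explicit block rule takes precedence over allow rules.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Description 'Temporary remediation until the CVE-2023-27532 patch is installed' `
        -Direction Inbound -Protocol TCP -LocalPort $Port `
        -Action Block -Profile Any | Out-Null
}

# 3. Show the rule as the firewall now sees it.
Get-NetFirewallRule -DisplayName $RuleName |
    Select-Object DisplayName, Enabled, Direction, Action, Profile

# 4. Verify from a different host (replace the placeholder host name):
#      Test-NetConnection -ComputerName <backup-server> -Port 9401
#    TcpTestSucceeded should be False while the rule is in place.

# 5. After the patch is installed, remove the temporary rule:
#      Remove-NetFirewallRule -DisplayName $RuleName
```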

CVE-2023-27532 affects all Veeam Backup & Replication versions, and users are advised to install the patches as soon as possible.

"All new deployments of Veeam Backup & Replication versions 12 and 11 installed using the ISO images dated 20230223 and 20230227 or later are not vulnerable," the company noted, and urged users of unsupported Veeam Backup & Replication versions to upgrade to a supported one before implementing the patch.


News URL

https://www.helpnetsecurity.com/2023/03/10/cve-2023-27532/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-10 | CVE-2023-27532 | Missing Authentication for Critical Function vulnerability in Veeam Backup & Replication 11.0.1.1261/12.0.0.1420. Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. (network, low complexity, veeam, CWE-306) | 7.5 |

Related vendor

| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| Veeam | | 11 | 0 | 8 | 9 | 7 | 24 |