Security News > 2023 > March > Exploit released for Veeam bug allowing cleartext credential theft
Cross-platform exploit code is now available for a high-severity Backup Service vulnerability impacting Veeam's Backup & Replication software.
The flaw affects all VBR versions and can be exploited by unauthenticated attackers to breach backup infrastructure after stealing cleartext credentials and gaining remote code execution as SYSTEM. Veeam released security updates to address this vulnerability for VBR V11 and V12 on March 7, advising customers using older releases to upgrade to secure vulnerable devices running unsupported releases.
Today, just over two weeks after Veeam released CVE-2023-27532 patches, Horizon3's Attack Team published a technical root cause analysis for this high-severity vulnerability.
Last week, Huntress security researchers shared a video demo of their own PoC exploit capable of dumping cleartext credentials and achieving arbitrary code execution via additional API calls that could be weaponized.
"While the unauthenticated credential dump acts as a vector for lateral movement or post-exploitation, the vulnerability in question can also be used for unauthenticated remote code execution - turning the vulnerable Veeam instance itself into a vector for initial access or further compromise," Huntress Labs security researchers John Hammond explained.
Although there are no reports of threat actors leveraging this vulnerability and no attempts to exploit it in the wild, attackers will likely create their own exploits based on the PoC code published by Horizon3 researchers to target Internet-exposed Veeam servers.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-10 | CVE-2023-27532 | Missing Authentication for Critical Function vulnerability in Veeam Backup & Replication 11.0.1.1261/12.0.0.1420 Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. | 7.5 |