Security News > 2024 > July > You had a year to patch this Veeam flaw – and now it's going to hurt some more
Another new ransomware gang, this one dubbed EstateRansomware, is exploiting a Veeam vulnerability that was patched more than a year ago to drop file-encrypting malware, a LockBit variant, and extort payments from victims.
Veeam fixed the flaw, tracked as CVE-2023-27532, in March 2023 for versions 12/11a and later of its backup and replication software.
"Replication component allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database," the software vendor advised when it spotted the bug, before adding: "This may lead to an attacker gaining access to the backup infrastructure hosts."
Next, the criminals used this access to steal user credentials and exploit the backup and replication software's vulnerability - just as Veeam had warned could happen if users didn't patch when it issued the fix back in March 2023.
Veeam Software spokesperson Heidi Monroe Kroft declined to answer specific questions about the ransomware attack but noted that the software provider released a patch to plug the hole on March 6, 2023.
"A Knowledge Base article was published detailing the issue. When a vulnerability is identified and disclosed, attackers will still try to exploit and reverse-engineer the patches to use the vulnerability on an unpatched version of Veeam software in their exploitation attempts."
News URL
https://go.theregister.com/feed/www.theregister.com/2024/07/11/estate_ransomware_veeam_bug/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-10 | CVE-2023-27532 | Missing Authentication for Critical Function vulnerability in Veeam Backup & Replication 11.0.1.1261/12.0.0.1420 Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. | 7.5 |