Veeam: Vulnerability CVE-2023-27532 in a Veeam Backup & Replication


CVE-2023-27532

KB ID: 4424
Product: Veeam Backup & Replication
Published: 2023-03-07
Last Modified: 2023-03-09

Challenge

Vulnerability CVE-2023-27532 in a Veeam Backup & Replication component allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts.

Severity: High
CVSS v3 score: 7.5

 

Cause

The vulnerable process, Veeam.Backup.Service.exe (TCP 9401 by default), allows an unauthenticated user to request encrypted credentials.

Solution

This vulnerability is resolved in the following Veeam Backup & Replication build numbers:

 

Notes:

  • This vulnerability affects all Veeam Backup & Replication versions.
  • If you use an earlier Veeam Backup & Replication version, please upgrade to a supported version first.
  • If you use an all-in-one Veeam appliance with no remote backup infrastructure components, you can alternatively block external connections to port TCP 9401 in the backup server firewall as a temporary remediation until the patch is installed.
  • The patch must be installed on the Veeam Backup & Replication server. All new deployments of Veeam Backup & Replication versions 12 and 11a installed using the ISO images dated 20230223 (V12) and 20230227 (V11a) or later are not vulnerable.
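As an added example that is not part of the Veeam KB or this article, the PowerShell below ties the Cause and the Notes together on the backup server itself: it shows which process owns the TCP 9401 listener (expected to be Veeam.Backup.Service.exe), records the installed build of that binary so it can be compared with the fixed builds the KB lists, and applies the temporary inbound block for an all-in-one appliance. The install path, the firewall rule name and the use of Windows Defender Firewall are assumptions; TCP 9401 is the default port the KB cites.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the Veeam KB): inspect and temporarily restrict the
# Veeam.Backup.Service.exe listener on TCP 9401 on an all-in-one backup server.
# Assumptions: default install path under C:\Program Files\Veeam, default port
# 9401, and Windows Defender Firewall handling inbound traffic on the server.

$Port       = 9401
$ServiceExe = 'C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Service.exe'  # assumed default path
$RuleName   = 'Veeam-CVE-2023-27532-Block-9401'                                                # assumed rule name

# 1. Which process owns the TCP 9401 listener? This confirms that the exposed
#    component is Veeam.Backup.Service.exe, as the Cause section states.
Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            LocalPort    = $_.LocalPort
            Pid          = $_.OwningProcess
            Process      = $proc.ProcessName
            Path         = $proc.Path
        }
    } | Format-Table -AutoSize

# 2. Record the installed build. Compare it against the fixed build numbers in
#    the KB; they are deliberately not hardcoded here.
if (Test-Path $ServiceExe) {
    (Get-Item $ServiceExe).VersionInfo | Select-Object FileVersion, ProductVersion
} else {
    Write-Warning "Veeam.Backup.Service.exe not found at $ServiceExe (non-default install path?)"
}

# 3. Temporary mitigation for an all-in-one appliance only: block every inbound
#    connection to TCP 9401. A Windows Firewall block rule overrides the allow
#    rules the Veeam installer creates, so remote components (proxies,
#    repositories, remote consoles) would lose connectivity. Do not use this
#    where such components exist; patch instead.
if (-not (Get-NetFirewallRule -Name $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -Name $RuleName `
        -DisplayName 'Block inbound TCP 9401 (CVE-2023-27532 temporary workaround)' `
        -Direction Inbound -Protocol TCP -LocalPort $Port `
        -Action Block -Profile Any -Enabled True | Out-Null
}

# 4. Verify the rule is in place and scoped to the expected port.
Get-NetFirewallRule -Name $RuleName |
    Get-NetFirewallPortFilter |
    Select-Object Protocol, LocalPort

# 5. Once the patch is installed, remove the workaround:
#    Remove-NetFirewallRule -Name $RuleName
```

Windows Defender Firewall does not apply block rules to traffic the host sends to itself over the loopback interface, so a Veeam console running on the same server keeps working; anything reaching TCP 9401 from another host is dropped until the rule is removed after patching.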

 

More Information

This vulnerability was reported by Shanigen.


Correction: This article initially listed the vulnerability ID as CVE-2023-27530, the correct vulnerability ID is CVE-2023-27532.
