Veeam has addressed a high-severity vulnerability, tracked as CVE-2023-27532, that affects all versions of Backup & Replication software. An attacker can exploit this vulnerability to obtain encrypted credentials stored in the configuration database and gain access to backup infrastructure hosts.
The root cause is that the vulnerable Veeam.Backup.Service.exe process allows an unauthenticated user to request encrypted credentials. Veeam has released the following builds to address the flaw: 12 (build 12.0.0.1420 P20230223) and 11a (build 11.0.1.1261 P20230227).
The company's advisory states that CVE-2023-27532 is a severe vulnerability that allows an attacker to gain unauthorized access to backup infrastructure hosts.
The vulnerability stems from the Veeam.Backup.Service.exe process, which allows an unauthenticated user to request encrypted credentials stored in the VeeamVBR configuration database.
An attacker can exploit the flaw to obtain encrypted credentials and gain access to the backup infrastructure hosts; Veeam has released new builds to address it. The company credited security researcher Shanigen with reporting CVE-2023-27532 in mid-February.
For customers who can’t immediately apply the security updates and are using an all-in-one appliance with no remote backup infrastructure components, Veeam provides a workaround.
The vendor recommends blocking external connections to TCP port 9401 in the backup server firewall to prevent an attacker from exploiting the vulnerability and gaining access to backup infrastructure hosts.
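The interim workaround above, as an added PowerShell example that is not Veeam's own tooling: it checks a Veeam.Backup.Service.exe binary against the fixed builds named in the advisory, then adds and verifies the inbound block on TCP 9401. The executable path and the firewall rule name are assumptions, and the block rule fits only the all-in-one case the vendor describes, since it also cuts off legitimate remote backup components.

```powershell
# Added example (not Veeam's own code). Run elevated on the backup server.

# Fixed builds from the advisory; a lower build on the same major is unpatched.
$FixedBuilds = @{ 12 = [version]'12.0.0.1420'; 11 = [version]'11.0.1.1261' }

function Test-VeeamBuildPatched {
    # $Path is an assumption: point it at your Veeam.Backup.Service.exe.
    param([Parameter(Mandatory)][string]$Path)
    $fv = (Get-Item -LiteralPath $Path).VersionInfo.FileVersion
    $v  = [version]::Parse(($fv -split '\s')[0])   # drop any trailing tag like "P20230223"
    $fixed = $FixedBuilds[$v.Major]
    if (-not $fixed) {
        # Advisory says all versions are affected; an unknown major is treated as unpatched.
        return [pscustomobject]@{ Version = $v; Patched = $false; Note = 'Major not in fixed list' }
    }
    [pscustomobject]@{ Version = $v; Patched = ($v -ge $fixed); Note = "Fixed build is $fixed" }
}

function Set-VeeamPort9401Block {
    # Interim workaround for all-in-one appliances with no remote backup components only.
    $name = 'Veeam CVE-2023-27532 workaround - block inbound TCP 9401'   # assumed name
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol TCP `
            -LocalPort 9401 -Action Block -Profile Any -Enabled True | Out-Null
    }
    # Verify the rule exists, is enabled, and is really bound to port 9401.
    $rule = Get-NetFirewallRule -DisplayName $name
    $port = ($rule | Get-NetFirewallPortFilter).LocalPort
    [pscustomobject]@{ Rule = $name; Enabled = $rule.Enabled; Action = $rule.Action; LocalPort = $port }
}

# Usage (path is a placeholder):
# Test-VeeamBuildPatched -Path 'C:\path\to\Veeam.Backup.Service.exe'
# Set-VeeamPort9401Block
# From another host, Test-NetConnection -ComputerName <backup-server> -Port 9401 should now fail.
```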