Warning – POC released for CVE-2023-27532 affecting Veeam Backup & Replication
Veeam Backup & Replication software can be used to create backups anywhere in the hybrid cloud. If attackers can get access to this software, they are able to destroy or modify these backups. Destroying backups is technique that is used in a lot of ransomware attacks to force the victim to pay the ransom.
Therefor it is crucial to keep your Veeam Backup & Replication software up to date and secure to ensure your backup data stays protected.
Successfully exploiting CVE-2023-27532 in a Veeam Backup & Replication component allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts.
Proof-of-concept code for this vulnerability publicly available on the internet, which makes it a lot easier for attackers to exploit this vulnerability and retrieve the credentials in clear text.
When an attacker gains access to the backup infrastructure hosts, he can try to modify or delete the backups.
The following deployments of “Veeam Backup & Replication” and “Veeam Backup & Replication Community Edition” installed using the ISO are vulnerable:
- V12 installed with ISO images dated before 20230223
- V11a installed with ISO images dated before 20230227
- If you use an earlier version, please upgrade to a supported version first.
The Centre for Cyber Security Belgium strongly recommends system administrators to take the following actions:
- Install the security patches on the Veeam Backup & Replication server:
- If you use an all-in-one Veeam appliance with no remote backup infrastructure components, you can alternatively block external connections to port TCP 9401 in the backup server firewall as a temporary remediation until the patch is installed.