Serious Vulnerability Patched in Veeam Data Backup Solution

A serious vulnerability in Veeam Backup & Replication may allow attackers to obtain encrypted credentials from the configuration database.

Veeam this week announced patches for a severe vulnerability in its Backup & Replication solution that could lead to the exposure of credentials.

A backup solution for virtual environments, Veeam Backup & Replication supports virtual machines running on Hyper-V, Nutanix AHV, and vSphere, as well as servers, workstations, and cloud-based workloads.

Tracked as CVE-2023-27532 (CVSS score of 7.5), the vulnerability allows an attacker to obtain the encrypted credentials that are stored in the configuration database.

“The vulnerable process, Veeam.Backup.Service.exe (TCP 9401 by default), allows an unauthenticated user to request encrypted credentials,” Veeam explains in an advisory.

According to the company, successful exploitation of the security defect could provide attackers with access to the backup infrastructure hosts.

All Veeam Backup & Replication versions are impacted by this issue. Patches were included in application versions 12 (build P20230223) and 11a (build P20230227).

Users need to install the patches on the Veeam Backup & Replication server. New deployments installed using the ISO images dated February 23 (version 12) and February 27 (version 11) or later are not vulnerable.

Users of older Veeam Backup & Replication versions are advised to update to a supported iteration as soon as possible.

“If you use an all-in-one Veeam appliance with no remote backup infrastructure components, you can alternatively block external connections to port TCP 9401 in the backup server firewall as a temporary remediation until the patch is installed,” Veeam explains.
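The temporary remediation Veeam describes can be applied with the built-in Windows Firewall cmdlets; the script below is an added example, not taken from Veeam's advisory or from this article. The rule name is chosen for this example, and the script assumes an elevated PowerShell session on an all-in-one backup server that still uses the default port.

```powershell
# Temporary mitigation for CVE-2023-27532 on an all-in-one Veeam Backup &
# Replication server with no remote backup infrastructure components.
# Added example: the rule name below is an assumption, not a Veeam-defined name.

$Port     = 9401   # default port of Veeam.Backup.Service.exe per the advisory
$RuleName = 'TEMP - Block inbound TCP 9401 (CVE-2023-27532)'

# 1. A block rule only helps if the firewall is enabled for the active profiles.
Get-NetFirewallProfile | Select-Object Name, Enabled

# 2. Confirm what is listening on the port and which addresses it is bound to.
Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort,
        @{ Name = 'Process'; Expression = { (Get-Process -Id $_.OwningProcess).ProcessName } }

# 3. Record the enabled inbound allow rules that name this port explicitly.
#    Rules that cover it through a port range or 'Any' are not matched here.
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains "$Port" } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.Enabled -eq 'True' } |
    Select-Object DisplayName, Profile

# 4. Add the block rule once. In Windows Firewall an explicit block rule
#    takes precedence over allow rules for the same traffic.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort $Port -Action Block -Profile Any | Out-Null
}
Get-NetFirewallRule -DisplayName $RuleName |
    Select-Object DisplayName, Enabled, Direction, Action

# 5. Verify from a different host (replace the placeholder with your server name):
#      Test-NetConnection -ComputerName <backup-server> -Port 9401
#    TcpTestSucceeded should be False.

# 6. After the patched build is installed, remove the temporary rule:
#      Remove-NetFirewallRule -DisplayName $RuleName
```

Do not apply this on deployments with remote proxies, repositories or other backup infrastructure components, since Veeam offers the firewall block only for all-in-one appliances and only until the patch is installed.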

The company makes no mention of the vulnerability being exploited in the wild, but hackers have been known to exploit Backup & Replication flaws in their attacks. 

Furthermore, penetration testing firm Code White warns that creating an exploit for this vulnerability is relatively easy.

“CVE-2023-27532 in Veeam Backup & Replication is serious, expect exploitation attempts soon. Our teammate @mwulftange was able to develop an exploit just by using the exposed API,” Code White tweeted.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
