Veeam this week announced patches for a severe vulnerability in its Backup & Replication solution that could lead to the exposure of credentials.
A backup solution for virtual environments, Veeam Backup & Replication supports virtual machines running on Hyper-V, Nutanix AHV, and vSphere, as well as servers, workstations, and cloud-based workloads.
Tracked as CVE-2023-27532 (CVSS score of 7.5), the vulnerability allows an attacker to obtain the encrypted credentials that are stored in the configuration database.
“The vulnerable process, Veeam.Backup.Service.exe (TCP 9401 by default), allows an unauthenticated user to request encrypted credentials,” Veeam explains in an advisory.
According to the company, successful exploitation of the security defect could provide attackers with access to the backup infrastructure hosts.
All Veeam Backup & Replication versions are impacted by this issue. Patches were included in application versions 12 (build 12.0.0.1420 P20230223) and 11a (build 11.0.1.1261 P20230227).
Users need to install the patches on the Veeam Backup & Replication server. New deployments installed using the ISO images dated February 23 (version 12) and February 27 (version 11) or later are not vulnerable.
Users of older Veeam Backup & Replication versions are advised to update to a supported iteration as soon as possible.
“If you use an all-in-one Veeam appliance with no remote backup infrastructure components, you can alternatively block external connections to port TCP 9401 in the backup server firewall as a temporary remediation until the patch is installed,” Veeam explains.
The company makes no mention of the vulnerability being exploited in the wild, but hackers have been known to exploit Backup & Replication flaws in their attacks.
Furthermore, penetration testing firm Code White warns that creating an exploit for this vulnerability is relatively easy.
“CVE-2023-27532 in Veeam Backup & Replication is serious, expect exploitation attempts soon. Our teammate @mwulftange was able to develop an exploit just by using the exposed API,” Code White tweeted.
Related: CISA Warns Veeam Backup & Replication Vulnerabilities Exploited in Attacks
Related: Critical Vulnerabilities Patched in Veeam Data Backup Solution
Related: Exploitation of Critical Vulnerability in End-of-Life VMware Product Ongoing
More from Ionut Arghire
- Toyota Discloses New Data Breach Involving Vehicle, Customer Information
- Adobe Inviting Researchers to Private Bug Bounty Program
- Critical Vulnerabilities Found in Faronics Education Software
- Chrome 114 Released With 18 Security Fixes
- Spyware Found in Google Play Apps With Over 420 Million Downloads
- Millions of WordPress Sites Patched Against Critical Jetpack Vulnerability
- PyPI Enforcing 2FA for All Project Maintainers to Boost Security
- Personal Information of 9 Million Individuals Stolen in MCNA Ransomware Attack
Latest News
- Russia Blames US Intelligence for iOS Zero-Click Attacks
- Toyota Discloses New Data Breach Involving Vehicle, Customer Information
- Cisco Acquiring Armorblox for Predictive and Generative AI Technology
- Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks
- Amazon Settles Ring Customer Spying Complaint
- Organizations Warned of Salesforce ‘Ghost Sites’ Exposing Sensitive Information
- Adobe Inviting Researchers to Private Bug Bounty Program
- Critical Vulnerabilities Found in Faronics Education Software
