Mar 08

High Veeam Backup & Replication Vulnerability – CVE-2023-27532

Today, Veeam has released patches for Veeam Backup & Replication v11 and v12. A critical vulnerability (CVSSv3 7.5 – CVE-2023-27532) has been fixed and you should apply the patch as soon as possible. Unauthorized users may be able to request encrypted credentials from the Veeam Backup service, and therefore get access to the backup infrastructure. The KB article has just been published: KB4424.

 

Vulnerability CVE-2023-27532 in Veeam Backup & Replication component allows to obtain encrypted credentials stored in the configuration database. This may lead to gaining access to the backup infrastructure hosts.

The highest severity issue fixed in this release is HIGH.

This vulnerability has a CVSS higher than 7. It’s already patched in the latest versions of VBR 11 and 12.

KB Numbers: 4424 & 4420
Date: March 7, 2023
CVSSv3 Score: 7.5
Impact: Access to the backup infrastructure hosts
CVE ID: CVE-2023-27532

The vulnerable process, Veeam.Backup.Service.exe (TCP 9401 by default), allows an unauthenticated user to request encrypted credentials.

Affected Products:
This vulnerability affects all Veeam Backup & Replication versions.

Solution:

  • If you use an earlier Veeam Backup & Replication version, please upgrade to a supported version first.
  • If you use an all-in-one Veeam appliance with no remote backup infrastructure components, you can alternatively block external connections to port TCP 9401 in the backup server firewall as a temporary remediation until the patch is installed.
  • The patch must be installed on the Veeam Backup & Replication server. All new deployments of Veeam Backup & Replication versions 12 and 11 installed using the ISO images dated 20230223 (V12) and 20230227 (V11) or later are not vulnerable.

This vulnerability is resolved in the following Veeam Backup & Replication versions:

  • V11a: https://www.veeam.com/kb4424. If you use a pre 11a version of VBR and patch all supported versions as soon as possible.
  • V12: https://www.veeam.com/kb4420

    •  

    Workaround for VBR:

    As a temporary workaround you can block access to TCP port 9401 on your Veeam Backup & Replication server. This will affect the connection of mount servers to the VBR server, so only use this if you don’t have a distributed Veeam environment. And still apply the patch as soon as possible.

    All users of Veeam should use this time to inventory instances of Fortigate and prepare for immediate patching when this is released. We recommend that you begin identifying your vulnerable systems now and prepare to patch soon as possible. Basically, your backup environment should NOT be exposed on the internet.

    Source: https://community.veeam.com/blogs-and-podcasts-57/vulnerability-in-veeam-backup-replication-march-2023-4361

    Organizations, users, get ready! We’ll keep you updated.

     
     

    New Veeam v12 Platform Overview: Blog Post
    Veeam B&R v12 New Features Overview: Blog Post
    Step by Step Guide Veeam B&R 12 Upgrade: Blog Post
    Ransomware & Cybersecurity with Veeam v12: Blog Post
    Hardened Repository in Veeam v12: Blog Post
    Kerberos Authentication with Veeam v12: Blog Post
    VeeaMover in v12: Blog Post
    Veeam v12 Linux Without SSH And SUDO: Blog Post
    Why backup directly to Object Storage?     Blog Post
    Wasabi Object Storage Usage with Veeam B&R v12: Blog Post
    [REPLAY] Webinar Veeam v12 New features (Fr): Replay

    Please follow and like us:
    fb-share-icon
    Tweet

    Christopher GLEMOT

    CTO | Technical specialist around Data Management, Security, Cyber Security, Cyber Resilience, Backup, Disaster Recovery, Multi-Cloud, and Storage | Veeam Vanguard | Varonis Elite | Owner of original-network.com

    Advertisement
    error

    Enjoy this blog? Please spread the word :)