Today, Veeam has released patches for Veeam Backup & Replication v11 and v12. A high-severity vulnerability (CVSSv3 7.5, CVE-2023-27532) has been fixed and you should apply the patch as soon as possible. Unauthenticated users may be able to request encrypted credentials from the Veeam Backup Service and thereby gain access to the backup infrastructure. The KB article has just been published: KB4424.
CVE-2023-27532 in the Veeam Backup & Replication component allows an attacker to obtain the encrypted credentials stored in the configuration database. This may lead to gaining access to the backup infrastructure hosts.
The highest severity issue fixed in this release is HIGH.
This vulnerability has a CVSS score above 7. It is already patched in the latest builds of VBR 11 and 12.
KB Numbers: 4424 & 4420
Date: March 7, 2023
CVSSv3 Score: 7.5
Impact: Access to the backup infrastructure hosts
CVE ID: CVE-2023-27532
The vulnerable process, Veeam.Backup.Service.exe (TCP 9401 by default), allows an unauthenticated user to request encrypted credentials.
Affected Products:
This vulnerability affects all Veeam Backup & Replication versions.
Solution:
- If you run a Veeam Backup & Replication version earlier than 11, upgrade to a supported version (11 or 12) first; the patch is only provided for those versions.
- If you use an all-in-one Veeam deployment with no remote backup infrastructure components, you can alternatively block external connections to TCP port 9401 in the backup server firewall as a temporary remediation until the patch is installed.
- The patch must be installed on the Veeam Backup & Replication server. New deployments of Veeam Backup & Replication 12 and 11 installed from the ISO images dated 20230223 (V12) and 20230227 (V11) or later are not vulnerable.
This vulnerability is resolved in the following Veeam Backup & Replication versions:
Workaround for VBR:
As a temporary workaround you can block access to TCP port 9401 on your Veeam Backup & Replication server. Mount servers and other remote backup infrastructure components connect to the backup server on this port, so only use this workaround if your deployment is not distributed (all-in-one). And still apply the patch as soon as possible.
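The following PowerShell script is an added example, not code from the original post or from Veeam. It implements the workaround above for the all-in-one case on the backup server: it reports the running Veeam.Backup.Service.exe build so you can compare it with the fixed builds in KB4424, checks whether any remote backup infrastructure component is currently connected on TCP 9401 (and refuses to block the port if so, because that would break a distributed deployment), and otherwise adds a temporary inbound block rule. The default install path, the firewall rule name and the assumption that the service listens on its default port 9401 are assumptions of this example, not facts from the page.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post or from Veeam): temporary mitigation for
# CVE-2023-27532 on an all-in-one Veeam Backup & Replication server, as described above.
# Assumptions (not stated on the page): default install path of Veeam.Backup.Service.exe,
# the firewall rule name below, and that the service listens on its default TCP port 9401.

$Port       = 9401
$RuleName   = 'TEMP - CVE-2023-27532 - Block inbound TCP 9401'   # hypothetical rule name
$DefaultExe = 'C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Service.exe'  # assumed default path

# 1. Report the running build so it can be compared against the fixed builds listed in KB4424.
$svc = Get-Process -Name 'Veeam.Backup.Service' -ErrorAction SilentlyContinue | Select-Object -First 1
$exe = if ($svc -and $svc.Path) { $svc.Path } else { $DefaultExe }
if (Test-Path $exe) {
    $ver = (Get-Item $exe).VersionInfo.ProductVersion
    Write-Host "Veeam.Backup.Service.exe build: $ver (compare with the fixed builds in KB4424)"
} else {
    Write-Warning "Veeam.Backup.Service.exe not found at $exe"
}

# 2. Who is talking to the backup service right now? Established connections from other hosts
#    on TCP 9401 mean this is a distributed deployment (mount servers etc.): a blanket block
#    would break it, so in that case stop here and install the patch instead.
$localIPs = @('127.0.0.1', '::1') + (Get-NetIPAddress | Select-Object -ExpandProperty IPAddress)
$remote   = Get-NetTCPConnection -LocalPort $Port -State Established -ErrorAction SilentlyContinue |
            Where-Object { $_.RemoteAddress -notin $localIPs }
if ($remote) {
    $remote | Select-Object RemoteAddress, RemotePort, OwningProcess | Format-Table -AutoSize
    Write-Warning "Remote backup infrastructure components are connected on TCP $Port. Do not block the port; apply the patch from KB4424."
    return
}

# 3. All-in-one deployment: block inbound TCP 9401 until the patch is installed.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort $Port -Action Block -Profile Any | Out-Null
}
Write-Host "Inbound TCP $Port is now blocked by rule '$RuleName'. Local listener still present:"
Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess

# 4. After the patch is installed, remove the temporary rule:
#    Remove-NetFirewallRule -DisplayName $RuleName
```

Run it in an elevated PowerShell session on the backup server. Step 2 is the check that matters: the KB's own caveat is that mount servers connect to the backup server on 9401, so the script only blocks the port when nothing remote is currently connected. The block rule is intentionally temporary, which is why the removal command is left at the end of the script.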
All Veeam users should use this time to inventory their Veeam Backup & Replication servers and patch them without delay. We recommend that you begin identifying your vulnerable systems now and patch as soon as possible. Basically, your backup environment should NOT be exposed on the internet.
Organizations, users, get ready! We’ll keep you updated.
New Veeam v12 Platform Overview: Blog Post
Veeam B&R v12 New Features Overview: Blog Post
Step by Step Guide Veeam B&R 12 Upgrade: Blog Post
Ransomware & Cybersecurity with Veeam v12: Blog Post
Hardened Repository in Veeam v12: Blog Post
Kerberos Authentication with Veeam v12: Blog Post
VeeaMover in v12: Blog Post
Veeam v12 Linux Without SSH And SUDO: Blog Post
Why backup directly to Object Storage? Blog Post
Wasabi Object Storage Usage with Veeam B&R v12: Blog Post
[REPLAY] Webinar Veeam v12 New features (Fr): Replay