Pierluigi Paganini March 08, 2023

Veeam addressed a high-severity vulnerability in the Backup Service that impacts Backup & Replication software.

Veeam addressed a high-severity vulnerability in the Backup Service, tracked as CVE-2023-27532 (CVSS v3 score: 7.5), that impacts all versions of Backup & Replication software versions.

“Vulnerability CVE-2023-27532 in Veeam Backup & Replication component allows to obtain encrypted credentials stored in the configuration database. This may lead to gaining access to the backup infrastructure hosts.” reads the advisory published by the company.

An unauthenticated attacker can exploit the vulnerability to obtain the credentials stored in the VeeamVBR configuration database and use them to access backup infrastructure hosts.

According to the advisory, the root cause of the problem is the vulnerable Veeam.Backup.Service.exe (TCP 9401 by default) process that allows an unauthenticated user to request encrypted credentials.

The flaw was addressed with the release of the following Veeam Backup & Replication build numbers:

• 12 (build 12.0.0.1420 P20230223)
• 11a (build 11.0.1.1261 P20230227)

The company credited the security researcher known as Shanigen for reporting the CVE-2023-27532 flaw in mid-February.

Veeam also provides a workaround in case customers can’t immediately apply the security updates and are using an all-in-one appliance with no remote backup infrastructure components. The vendor recommends blocking external connections to port TCP 9401 in the backup server firewall.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CVE-2023-27532)