Operational Defect Database

BugZero found this defect 440 days ago.

Veeam | kb4424

CVE-2023-27532

Last update date:

2/22/2024

Affected products:

Veeam Backup & Replication

Veeam Cloud Connect

Affected releases:

ALL

Fixed releases:

No fixed releases provided.

Description:

Challenge

Vulnerability CVE-2023-27532 in a Veeam Backup & Replication component allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts.

Severity: High

CVSS v3 score: 7.5

Cause

The vulnerable process, Veeam.Backup.Service.exe (TCP 9401 by default), allows an unauthenticated user to request encrypted credentials.

Solution

This vulnerability was resolved starting in the following Veeam Backup & Replication build numbers:

More Information

This vulnerability was reported by Shanigen.

Correction: This article initially listed the vulnerability ID as CVE-2023-27530; the correct vulnerability ID is CVE-2023-27532.

Status

Solved
