Operational Defect Database

BugZero found this defect 411 days ago.

Veeam | kb4424

CVE-2023-27532

Last update date:

2/22/2024

Affected products:

Veeam Backup & Replication

Veeam Cloud Connect

Affected releases:

ALL

Fixed releases:

No fixed releases provided.

Description:

Challenge

Vulnerability CVE-2023-27532 in a Veeam Backup & Replication component allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts.

Severity: High

CVSS v3 score: 7.5

Cause

The vulnerable process, Veeam.Backup.Service.exe (TCP 9401 by default), allows an unauthenticated user to request encrypted credentials.
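
As an added example (not part of Veeam's article), the following Python sketch audits `netstat -ano -p TCP` output from a backup server: it reports whether TCP 9401 listens on all interfaces and lists connected peers that fall outside the subnets assumed to make up the backup infrastructure. The subnet allowlist, the sample netstat text, and the function names are constructed for illustration.

```python
import ipaddress

VBR_PORT = 9401  # default port of Veeam.Backup.Service.exe per the advisory

# Constructed allowlist: subnets assumed to hold the backup infrastructure.
BACKUP_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample of `netstat -ano -p TCP` output from a backup server.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:9401           0.0.0.0:0              LISTENING       4312
  TCP    10.20.0.5:9401         10.20.0.17:50122       ESTABLISHED     4312
  TCP    10.20.0.5:9401         192.168.50.23:61544    ESTABLISHED     4312
  TCP    10.20.0.5:445          192.168.50.23:61550    ESTABLISHED     4
  TCP    10.20.0.5:49822        10.20.0.9:9401         ESTABLISHED     5120
"""


def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon; returns (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)


def audit_9401(netstat_text, allowed_nets=BACKUP_NETS, port=VBR_PORT):
    """Return (listens_on_all_interfaces, sorted peers outside allowed_nets)."""
    exposed, outside = False, set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP":
            continue  # skip the header and non-TCP rows
        local, remote, state = fields[1], fields[2], fields[3]
        local_addr, local_port = split_endpoint(local)
        if local_port != port:
            continue  # only inbound traffic to the service port matters
        if state == "LISTENING":
            exposed = exposed or local_addr in ("0.0.0.0", "::")
        elif state == "ESTABLISHED":
            peer = ipaddress.ip_address(split_endpoint(remote)[0])
            if not any(peer in net for net in allowed_nets):
                outside.add(str(peer))
    return exposed, sorted(outside)


if __name__ == "__main__":
    print(audit_9401(SAMPLE_NETSTAT))
```
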

Solution

This vulnerability was resolved starting in the following Veeam Backup & Replication build numbers:

More Information

This vulnerability was reported by Shanigen.

Correction: This article initially listed the vulnerability ID as CVE-2023-27530; the correct vulnerability ID is CVE-2023-27532.

Status

Solved
