Veeam Backup & Replication Vulnerability CVE-2023-27532


Mar 9, 2023 by Taylor Krieg

Veeam Backup & Replication Vulnerability

A Veeam Backup & Replication vulnerability (CVE-2023-27532) has been found that could enable an unauthenticated user to request encrypted credentials, giving them access to hosts used for backup infrastructure. All versions of Veeam Backup & Replication are impacted, and the vulnerability has a CVSS v3 score of 7.5.

To address this vulnerability, Veeam has created patches for V11 and V12, and we strongly advise that you upgrade your installations right away.

Access the KB4424 article here for patches and instructions.

Main Points

  • All versions of Veeam Backup & Replication are impacted by this issue.
  • If you are using an earlier version of Veeam Backup & Replication, please upgrade to a supported version first.
  • If you utilize an all-in-one Veeam appliance without any remote backup infrastructure components, a temporary fix until the patch is installed is to restrict external connections to port TCP 9401 in the firewall of the backup server.
  • The Veeam Backup & Replication server needs to have the patch installed. Veeam Backup & Replication versions 12 and 11a that have been newly deployed and installed using ISO images with dates of 20230223 (V12) and 20230227 (V11a) or later are not vulnerable.
  • Access the KB4424 article here for patches and instructions.
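
The temporary firewall restriction from the list above, as an added example (not from Veeam or the original post). It assumes an all-in-one backup server protected by Windows Defender Firewall with no remote backup infrastructure components; the rule name is a constructed label.

```powershell
# Added example: temporary block of inbound TCP 9401 on an all-in-one
# Veeam Backup & Replication server. Run in an elevated PowerShell session
# on the backup server. Do not apply if remote backup infrastructure
# components connect to this server; the advisory limits the workaround
# to all-in-one installations.
$Port     = 9401
$RuleName = 'Temp-Block-Inbound-TCP9401-CVE-2023-27532'   # constructed name

# 1. Record what is listening on the port so the change can be reviewed.
$listeners = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
if (-not $listeners) {
    Write-Warning "Nothing is listening on TCP $Port; confirm this is the backup server."
} else {
    foreach ($l in $listeners) {
        $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
        '{0}:{1} owned by {2} (PID {3})' -f $l.LocalAddress, $l.LocalPort, $proc.ProcessName, $l.OwningProcess
    }
}

# 2. Create the block rule once (safe to re-run). In Windows Defender
#    Firewall an explicit block rule takes precedence over allow rules.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Description 'Temporary mitigation until the KB4424 patch is installed.' `
        -Direction Inbound -Protocol TCP -LocalPort $Port `
        -Action Block -Profile Any -Enabled True | Out-Null
}

# 3. Verify: the rule is enabled and no firewall profile is switched off,
#    otherwise the rule exists but filters nothing.
$rule        = Get-NetFirewallRule -DisplayName $RuleName
$offProfiles = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }
if ($rule.Enabled -eq 'True' -and -not $offProfiles) {
    "Mitigation active: inbound TCP $Port is blocked on all profiles."
} else {
    Write-Warning ("Rule enabled: {0}; profiles not enabled: {1}" -f `
        $rule.Enabled, (($offProfiles.Name -join ', ')))
}

# 4. Confirm from another machine (replace the placeholder host name):
#      Test-NetConnection -ComputerName <backup-server> -Port 9401
#    TcpTestSucceeded should be False.
# 5. After the patch is installed, remove the temporary rule:
#      Remove-NetFirewallRule -DisplayName $RuleName
```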

To protect your business, employees, and IT infrastructure, you must take a proactive approach. Through the use of a Layered Security Strategy, our experts can ensure that your assets are properly protected and secure. Reach out to us using the information below if you'd like to learn more!

If you need any assistance with this Veeam Backup & Replication vulnerability or with applying these patches, please call us at 502-240-0404 or email us at info@mirazon.com.
