Warning – POC released for CVE-2023-27532 affecting Veeam Backup & Replication

Image
Decorative image
Published : 24/03/2023

Reference:
Advisory #2023-33

Version:
1.0

Affected software:
Veeam Backup & Replication
Veeam Backup & Replication Community Edition

Type:
Missing Authentication for Critical Function

CVE/CVSS:
CVE: CVE-2023-27532
CVSS: 7.5

Sources

https://www.veeam.com/kb4424
https://nvd.nist.gov/vuln/detail/CVE-2023-27532

Risks

Veeam Backup & Replication software can be used to create backups anywhere in the hybrid cloud. If attackers can get access to this software, they are able to destroy or modify these backups. Destroying backups is technique that is used in a lot of ransomware attacks to force the victim to pay the ransom.

Therefor it is crucial to keep your Veeam Backup & Replication software up to date and secure to ensure your backup data stays protected.

 

Description

Successfully exploiting CVE-2023-27532 in a Veeam Backup & Replication component allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts.

Proof-of-concept code for this vulnerability publicly available on the internet, which makes it a lot easier for attackers to exploit this vulnerability and retrieve the credentials in clear text.

When an attacker gains access to the backup infrastructure hosts, he can try to modify or delete the backups.

The following deployments of “Veeam Backup & Replication” and “Veeam Backup & Replication Community Edition” installed using the ISO are vulnerable:

  • V12 installed with ISO images dated before 20230223
  • V11a installed with ISO images dated before 20230227
  • If you use an earlier version, please upgrade to a supported version first.

 

Recommended Actions

The Centre for Cyber Security Belgium strongly recommends system administrators to take the following actions:

  • Install the security patches on the Veeam Backup & Replication server:
    • V12: Install patch 12.0.0.1420 P20230223 (KB4420)
    • V11a: Install patch 11.0.1.1261 P20230227 (KB4245)
    • Older versions need to be upgraded to a version listed above
  • If you use an all-in-one Veeam appliance with no remote backup infrastructure components, you can alternatively block external connections to port TCP 9401 in the backup server firewall as a temporary remediation until the patch is installed.

References

https://www.veeam.com/kb4420
https://www.veeam.com/kb4245