Veeam Backup & Replication Vulnerability (CVE-2023-27532)

Dark Lab on Mar 31 2023
In early March 2023, Veeam released a security advisory and patch for an authentication bypass vulnerability (CVE-2023-27532) that enables malicious actors to decrypt credentials to obtain access to the backup infrastructure hosts. We have since observed multiple proofs of concept (PoCs) indicating the potential to achieve remote code execution following the authentication bypass. Whilst no exploitation attempts have been observed yet, we suspect malicious actors will soon seek to exploit vulnerable, exposed Veeam assets.

The vendor has issued a patch to remediate the vulnerability. We advise applying the patch, given the historic mass exploitation of Veeam RCE vulnerabilities.

https://www.veeam.com/kb4424

https://www.horizon3.ai/veeam-backup-and-replication-cve-2023-27532-deep-dive/