Vulnerability CVE-2023-27532 in a Veeam Backup & Replication
BatuCloud
Hosting Provider
Vulnerability CVE-2023-27532 in a Veeam Backup & Replication component allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts.
Severity: High
CVSS v3 score: 7.5
Cause
The vulnerable process, Veeam.Backup.Service.exe (TCP 9401 by default), allows an unauthenticated user to request encrypted credentials.
Solution
This vulnerability is resolved in the following Veeam Backup & Replication build numbers:
12 (build 12.0.0.1420 P20230223)
11a (build 11.0.1.1261 P20230227)
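The build strings above can be checked against an inventory with a short script. This is an added example, not Veeam's tooling; the host names and installed build strings are constructed. It assumes that a build counts as fixed only when its four-part number and its P (patch date) suffix are at or above the listed values, and that later builds in the same major version include the fix.

```python
import re

# Fixed builds exactly as listed in the advisory: major -> (build, patch date).
FIXED = {
    12: ((12, 0, 0, 1420), 20230223),
    11: ((11, 0, 1, 1261), 20230227),
}

# Matches "12.0.0.1420" with an optional " P20230223" patch suffix.
BUILD_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)(?:\s+P(\d{8}))?")

def parse_build(text):
    """Return ((a, b, c, d), patch_date) from a build string; patch_date is 0 if absent."""
    m = BUILD_RE.search(text)
    if not m:
        raise ValueError(f"no build number in {text!r}")
    build = tuple(int(g) for g in m.groups()[:4])
    patch = int(m.group(5)) if m.group(5) else 0
    return build, patch

def assess(text):
    """Classify one build string as 'patched', 'vulnerable' or 'unknown'."""
    build, patch = parse_build(text)
    fixed = FIXED.get(build[0])
    if fixed is None:
        return "unknown"  # the advisory lists no fixed build for this major version
    # Tuple comparison: build number first, then patch date. The same build
    # number with an older or missing P suffix is therefore not fixed.
    return "patched" if (build, patch) >= fixed else "vulnerable"

def report(inventory):
    """Map each host to its status; inventory is {host: build string}."""
    return {host: assess(build) for host, build in inventory.items()}

# Constructed sample inventory (hypothetical hosts and installed builds).
SAMPLE = {
    "vbr-01": "12.0.0.1420 P20230223",
    "vbr-02": "12.0.0.1420",
    "vbr-03": "11.0.1.1261 P20220302",
    "vbr-04": "10.0.1.4854 P20201202",
}

if __name__ == "__main__":
    for host, status in report(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as vulnerable or unknown are the ones where access to TCP 9401 should be reviewed until the fixed build is installed.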