
Warning – POC released for CVE-2023-27532 affecting Veeam Backup & Replication

Reference: 
Advisory #2023-33
Version: 
1.0
Affected software: 
Veeam Backup & Replication
Veeam Backup & Replication Community Edition
Type: 
Missing Authentication for Critical Function
CVE/CVSS: 

CVE: CVE-2023-27532
CVSS: 7.5

Sources

https://www.veeam.com/kb4424
https://nvd.nist.gov/vuln/detail/CVE-2023-27532

Risks

Veeam Backup & Replication software can be used to create backups anywhere in the hybrid cloud. If attackers gain access to this software, they are able to destroy or modify these backups. Destroying backups is a technique used in many ransomware attacks to force the victim to pay the ransom.

Therefore it is crucial to keep your Veeam Backup & Replication software up to date and secure to ensure your backup data stays protected.


Description

Successfully exploiting CVE-2023-27532 in a Veeam Backup & Replication component allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts.

Proof-of-concept code for this vulnerability is publicly available on the internet, which makes it a lot easier for attackers to exploit this vulnerability and retrieve the credentials in clear text.

When an attacker gains access to the backup infrastructure hosts, they can try to modify or delete the backups.

The following deployments of “Veeam Backup & Replication” and “Veeam Backup & Replication Community Edition” installed using the ISO are vulnerable:

  • V12 installed with ISO images dated before 20230223
  • V11a installed with ISO images dated before 20230227
  • If you use an earlier version, please upgrade to a supported version first.


Recommended actions

The Centre for Cyber Security Belgium strongly recommends that system administrators take the following actions:

  • Install the security patches on the Veeam Backup & Replication server:
    • V12: Install patch 12.0.0.1420 P20230223 (KB4420)
    • V11a: Install patch 11.0.1.1261 P20230227 (KB4245)
    • Older versions need to be upgraded to a version listed above
  • If you use an all-in-one Veeam appliance with no remote backup infrastructure components, you can alternatively block external connections to port TCP 9401 in the backup server firewall as a temporary remediation until the patch is installed.
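The temporary firewall mitigation above, as an added example that is not part of the CCB advisory or of Veeam's documentation: an elevated PowerShell session on an all-in-one Veeam Backup & Replication server (no remote backup infrastructure components) first shows what is listening on TCP 9401, then creates an inbound block rule for that port, verifies it, and notes how to remove it once the patch is installed. The rule name and description text are our own choice; the port and patch numbers come from the advisory.

```powershell
# Added example, not Veeam's or the CCB's own code. Run as Administrator on the
# backup server itself. Only suitable for an all-in-one deployment, because the
# rule blocks every inbound connection to the port from other hosts.
$Port     = 9401
$RuleName = 'CCB-2023-33 temporary block TCP 9401 (CVE-2023-27532)'   # assumed name

# Show the current listener on the port so the operator can see which Veeam
# process this rule will affect (loopback traffic is not filtered by Windows
# Firewall, so local components on the same host keep working).
Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess,
        @{ Name = 'Process'; Expression = { (Get-Process -Id $_.OwningProcess).ProcessName } }

# Create the inbound block rule only if it does not exist yet (safe to re-run).
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Description 'Temporary mitigation until 12.0.0.1420 P20230223 or 11.0.1.1261 P20230227 is installed' `
        -Direction Inbound -Protocol TCP -LocalPort $Port `
        -Action Block -Profile Any -Enabled True | Out-Null
}

# Verify that the rule is present, enabled and carries the expected port filter.
Get-NetFirewallRule -DisplayName $RuleName |
    Select-Object DisplayName, Enabled, Direction, Action

Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallPortFilter |
    Select-Object Protocol, LocalPort

# Once the security patch from KB4420 / KB4245 has been installed, remove the
# temporary rule so that legitimate remote components can connect again:
# Remove-NetFirewallRule -DisplayName $RuleName
```

Applying this rule on a server that does have remote proxies, repositories or other backup infrastructure components would break their connections; in that case the patch is the only remediation the advisory offers.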

References

https://www.veeam.com/kb4420
https://www.veeam.com/kb4245