{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2023-016.pdf"
    },
    "title": "High Vulnerability in Veeam Backup & Replication",
    "serial_number": "2023-016",
    "publish_date": "09-03-2023 16:30:00",
    "description": "On March 8, 2023, Veeam released a security advisory disclosing one high-severity vulnerability in a Veeam Backup & Replication component. The vulnerability is identified as CVE-2023-27532 (CVSS score of 7.5) and may allow an unauthenticated attacker to obtain the encrypted credentials stored in the configuration database, which could in turn give access to the backup infrastructure hosts. It is highly recommended to install the latest version.",
    "url_title": "2023-016",
    "content_markdown": "---\ntitle: 'High Vulnerability in Veeam Backup & Replication'\nversion: '1.0'\nnumber: '2023-016'\noriginal_date: 'March 08, 2023'\ndate: 'March 09, 2023'\n---\n\n_History:_\n\n* _09/03/2023 --- v1.0 -- Initial publication_\n  \n# Summary\n\nOn March 8, 2023, Veeam released a security advisory disclosing one high-severity vulnerability in a Veeam Backup & Replication component [1]. The vulnerability is identified as `CVE-2023-27532` (CVSS score of 7.5) and may allow an unauthenticated attacker to obtain the encrypted credentials stored in the configuration database, which could in turn give access to the backup infrastructure hosts.\n\nIt is highly recommended to install the latest version.\n\n# Technical Details\n\n`CVE-2023-27532` lies in the `Veeam.Backup.Service.exe` process (listening on TCP 9401 by default), which allows an unauthenticated user to request the encrypted credentials stored in the configuration database.\n\n# Affected Products\n\nThis vulnerability affects all Veeam Backup & Replication versions.\n\nNew deployments of Veeam Backup & Replication versions 12 and 11 installed from the ISO images dated `20230223` (V12) and `20230227` (V11) or later already contain the fix and are not vulnerable.\n\n# Recommendations\n\nIt is highly recommended to update to a supported [2] and fixed version:\n\n- Version 12 (build 12.0.0.1420 P20230223) [3];\n- Version 11a (build 11.0.1.1261 P20230227) [4].\n\nThe installed build number can be checked in the Veeam Backup & Replication console under Help > About.\n\n# Workarounds\n\nIf you use an all-in-one Veeam appliance with no remote backup infrastructure components, you can alternatively block external connections to port TCP 9401 in the backup server firewall as a temporary remediation until the patch is installed. This workaround is not suitable for deployments with remote backup infrastructure components, which need to reach the backup server on this port.\n\n# References\n\n[1] <https://www.veeam.com/kb4424>\n\n[2] <https://www.veeam.com/product-lifecycle.html?ad=in-text-link>\n\n[3] <https://www.veeam.com/kb4420?ad=in-text-link>\n\n[4] <https://www.veeam.com/kb4245?ad=in-text-link>",
    "content_html": "<p><em>History:</em></p><ul><li><em>09/03/2023 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On March 8, 2023, Veeam released a security advisory disclosing one high-severity vulnerability in a Veeam Backup &amp; Replication component [1]. The vulnerability is identified as <code>CVE-2023-27532</code> (CVSS score of 7.5) and may allow an unauthenticated attacker to obtain the encrypted credentials stored in the configuration database, which could in turn give access to the backup infrastructure hosts.</p><p>It is highly recommended to install the latest version.</p><h2 id=\"technical-details\">Technical Details</h2><p><code>CVE-2023-27532</code> lies in the <code>Veeam.Backup.Service.exe</code> process (listening on TCP 9401 by default), which allows an unauthenticated user to request the encrypted credentials stored in the configuration database.</p><h2 id=\"affected-products\">Affected Products</h2><p>This vulnerability affects all Veeam Backup &amp; Replication versions.</p><p>New deployments of Veeam Backup &amp; Replication versions 12 and 11 installed from the ISO images dated <code>20230223</code> (V12) and <code>20230227</code> (V11) or later already contain the fix and are not vulnerable.</p><h2 id=\"recommendations\">Recommendations</h2><p>It is highly recommended to update to a supported [2] and fixed version:</p><ul><li>Version 12 (build 12.0.0.1420 P20230223) [3];</li><li>Version 11a (build 11.0.1.1261 P20230227) [4].</li></ul><p>The installed build number can be checked in the Veeam Backup &amp; Replication console under Help &gt; About.</p><h2 id=\"workarounds\">Workarounds</h2><p>If you use an all-in-one Veeam appliance with no remote backup infrastructure components, you can alternatively block external connections to port TCP 9401 in the backup server firewall as a temporary remediation until the patch is installed. This workaround is not suitable for deployments with remote backup infrastructure components, which need to reach the backup server on this port.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.veeam.com/kb4424\">https://www.veeam.com/kb4424</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.veeam.com/product-lifecycle.html?ad=in-text-link\">https://www.veeam.com/product-lifecycle.html?ad=in-text-link</a></p><p>[3] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.veeam.com/kb4420?ad=in-text-link\">https://www.veeam.com/kb4420?ad=in-text-link</a></p><p>[4] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.veeam.com/kb4245?ad=in-text-link\">https://www.veeam.com/kb4245?ad=in-text-link</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}