--- licence_title: Creative Commons Attribution 4.0 International (CC-BY 4.0) licence_link: https://creativecommons.org/licenses/by/4.0/ licence_restrictions: https://cert.europa.eu/legal-notice licence_author: CERT-EU, The Cybersecurity Service for the European Union institutions, bodies, offices and agencies title: 'High Vulnerability in Veeam Backup & Replication' version: '1.0' number: '2023-016' original_date: 'March 08, 2023' date: 'March 09, 2023' --- _History:_ * _09/03/2023 --- v1.0 -- Initial publication_ # Summary On March 8, 2023, Veeam released a new security advisory revealing one high vulnerability in a Veeam Backup & Replication component [1]. This vulnerability is identified by `CVE-2023-27532` (CVSS score of 7.5) and it may allow an attacker to obtain encrypted credentials stored in the configuration database. This may lead to gaining access to the backup infrastructure hosts. It is highly recommended installing the latest version. # Technical Details The `CVE-2023-27532` is caused by the vulnerable process `Veeam.Backup.Service.exe` (TCP 9401 by default) that allows an unauthenticated user to request encrypted credentials. # Affected Products This vulnerability affects all Veeam Backup & Replication versions. \ All new deployments of Veeam Backup & Replication versions 12 and 11 installed using the ISO images dated `20230223` (V12) and `20230227` (V11) or later are not vulnerable. # Recommendations It is highly recommended updating to a supported [2] and fixed version: - Version 12 (build 12.0.0.1420 P20230223) [3]; - Version 11a (build 11.0.1.1261 P20230227) [4]. # Workarounds If you use an all-in-one Veeam appliance with no remote backup infrastructure components, you can alternatively block external connections to port TCP 9401 in the backup server firewall as a temporary remediation until the patch is installed. # References [1] [2] [3] [4]