Flash Notice: High Severity Vulnerability Found in Veeam Backup and Replication

overview

A high-severity vulnerability has been discovered in Veeam Backup and Replication software, which supports virtual machines running on Hyper-V, Nutanix AHV, and vSphere, as well as servers, cloud-based workloads, and workstations. 

The vulnerability is being tracked as CVE-2023-27532, has a CVSS score of 7.5, and impacts all Veeam Backup and Replication versions. According to Veeam, the vulnerability is in a Veeam Backup and Replication component and allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. If an attacker obtains encrypted credentials, they could gain access to the backup infrastructure hosts.  

Veeam has issued a patch for the vulnerability but recommends that customers using an all-in-one appliance with no remote backup infrastructure, block external connections to port TCP 9401 in the backup server firewall as a temporary remediation. If customers are using older Veeam Backup and Replication versions, the company advises those versions are updated to a supported iteration as soon as possible.  

While there is no indication of CVE-2023-27532 being exploited in the wild, threat actors have been known to exploit backup vulnerabilities. It is highly recommended that organizations apply the appropriate patch as soon as possible.  

avertium's recommendations

• Avertium recommends that organizations apply the appropriate patch for CVE-2023-27532 as soon as possible. You may find patch guidance in Veeam’s advisory.  

• CVE-2023-27532 is resolved in the following Veeam Backup and Replication build numbers:  

• • 12 (build 12.0.0.1420 P20230223) 
  • 11a (build 11.0.1.1261 P20230227) 

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with CVE-2023-27532. Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

How Avertium is Protecting Our CUSTOMERS

• Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills. 
• Avertium offers Zero Trust Network as a Service (ZTNaaS) for any organization that wants to control their attack surface. The zero-trust security model delivers exactly what the name promises: it is an IT security concept that specifies no access is allowed until the successful completion of authentication and authorization processes.  
• Fusion MXDR is the first MDR offering that fuse together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts. 

SUPPORTING DOCUMENTATION