[German]A small note for users of the backup software from the manufacturer Veeam. As of March 7, 2023, Veeam has fixed a critical vulnerability (CVE-2023-27532) in its Backup & Replication product in versions V11a/V12 via an update. The update via a cumulative update should be applied promptly. Update: There is now an exploit, exploitation likely soon.
Advertising
Veeam Backup & Replication
Veeam is a vemdpr of backup and replication software for bare metal and virtual machines. Veeam Backup & Replication is a proprietary backup application developed by Veeam for virtual environments based on VMware vSphere, Nutanix AHV and Microsoft Hyper-V hypervisors. The software provides backup, recovery and replication capabilities for virtual machines, physical servers and workstations, and cloud-based workloads.
A readers note on a vulnerability
German blog reader Wolfgang F. emailed me today about the issue (thanks for that) and wrote me regarding the vulnerability in Veeam Backup & Replication V11a/V12.
Good day Mr. Born,
I'm a bit unsure now if this fits in your blog topic block as well, but otherwise just to let you know.
This message reached me yesterday from Veeam, one or probably the leading manufacturer of backup software at least for Virtual Infrastructures.
The mail is probably valid, the links lead to the correct Veeam pages and the SHA values of the download fit as well.
Therefore I assume a valid message.
I have implemented the update for my version 11, so far no problems.
Wolfgang then shared a link to Veeam support post kb4245 (Release Information for Veeam Backup & Replication 11a Cumulative Patches), which deals with the cumulative updates for said software. With the latest change dated March 7, 2023, the following information – which I pulled from various sources – was released:
P20230227: Vulnerability (CVE-2023-27532) in Veeam Backup Service was fixed.
Vulnerability CVE-2023-27532 in Veeam Backup & Replication component allows to obtain encrypted credentials stored in the configuration database. This may lead to gaining access to the backup infrastructure hosts.
Severity: High
CVSS v3 score: 7.5
Vulnerability CVE-2023-27532 in Veeam Backup & Replication allows third parties to access encrypted credentials in the configuration database. This can give attackers access to the hosts of the backup infrastructure. The Veeam community also has a post Vulnerability in Veeam Backup & Replication – March 2023. The following information and links are relevant:
For users who cannot install the patch immediately, the following workaround can be found in the community post:
Advertising
As a temporary workaround you can block access to TCP port 9401 on your Veeam Backup & Replication server. This will affect the connection of mount servers to the VBR server, so only use this if you don't have a distributed Veeam environment. And still apply the patch as soon as possible.
Those who have recently installed the cumulative patches V11 or V12 should check the ISO image used for the installation. Builds 20230227 (V11) and 20230223 (V12) already contain the patches and are therefore no longer vulnerable.
Exploit developed, attacks on the horizon
Addenum: On March 10, 2023 I became aware of the following tweet – a security researcher has developed an exploit – attacks on the horizon.
