{"id":28996,"date":"2023-03-09T07:03:07","date_gmt":"2023-03-09T06:03:07","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=28996"},"modified":"2023-03-10T11:36:06","modified_gmt":"2023-03-10T10:36:06","slug":"veeam-fixes-critical-vulnerability-cve-2023-27532-in-backup-replication-v11a-v12","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2023\/03\/09\/veeam-fixes-critical-vulnerability-cve-2023-27532-in-backup-replication-v11a-v12\/","title":{"rendered":"Veeam fixes critical vulnerability CVE-2023-27532 in Backup & Replication V11a\/V12"},"content":{"rendered":"

\"Amazon\"[German<\/a>]A small note for users of the backup software from the manufacturer Veeam. As of March 7, 2023, Veeam has fixed a critical vulnerability (CVE-2023-27532) in its Backup & Replication product in versions V11a\/V12 via an update. The update via a cumulative update should be applied promptly. Update:<\/strong> There is now an exploit, exploitation likely soon.<\/p>\n

<\/p>\n

Veeam Backup & Replication<\/h2>\n

\"\"Veeam is a vemdpr of backup and replication software for bare metal and virtual machines. Veeam Backup & Replication<\/a> is a proprietary backup application developed by Veeam for virtual environments based on VMware vSphere, Nutanix AHV and Microsoft Hyper-V hypervisors. The software provides backup, recovery and replication capabilities for virtual machines, physical servers and workstations, and cloud-based workloads.<\/p>\n

A readers note on a vulnerability<\/h2>\n

German blog reader Wolfgang F. emailed me today about the issue (thanks for that) and wrote me regarding the vulnerability in Veeam Backup & Replication V11a\/V12.<\/p>\n

Good day Mr. Born,<\/p>\n

I'm a bit unsure now if this fits in your blog topic block as well, but otherwise just to let you know.<\/p>\n

This message reached me yesterday from Veeam, one or probably the leading manufacturer of backup software at least for Virtual Infrastructures.<\/p>\n

The mail is probably valid, the links lead to the correct Veeam pages and the SHA values of the download fit as well.<\/p>\n

Therefore I assume a valid message.<\/p>\n

I have implemented the update for my version 11, so far no problems.<\/p><\/blockquote>\n

Wolfgang then shared a link to Veeam support post kb4245<\/a> (Release Information for Veeam Backup & Replication 11a Cumulative Patches<\/em>), which deals with the cumulative updates for said software. With the latest change dated March 7, 2023, the following information – which I pulled from various sources – was released:<\/p>\n

P20230227: <\/b>Vulnerability (CVE-2023-27532<\/a>) in Veeam Backup Service was fixed.<\/p>\n

Vulnerability CVE-2023-27532 in Veeam Backup & Replication component allows to obtain encrypted credentials stored in the configuration database. This may lead to gaining access to the backup infrastructure hosts.<\/p>\n

Severity:<\/b> High
\nCVSS v3 score:<\/b> 7.5<\/p><\/blockquote>\n

Vulnerability CVE-2023-27532 in Veeam Backup & Replication allows third parties to access encrypted credentials in the configuration database. This can give attackers access to the hosts of the backup infrastructure. The Veeam community also has a post Vulnerability in Veeam Backup & Replication – March 2023<\/a>. The following information and links are relevant:<\/p>\n