Veeam this week announced patches for a serious vulnerability in its Backup & Replication solution that could lead to the exposure of credentials.
A backup solution for virtual environments, Veeam Backup & Replication supports virtual machines running on Hyper-V, Nutanix AHV, and vSphere, as well as servers, workstations, and cloud-based workloads.
Registered as CVE-2023-27532 (CVSS score 7.5), the vulnerability allows an attacker to obtain encrypted credentials that are stored in the configuration database.
“The vulnerable process, Veeam.Backup.Service.exe (TCP 9401 by default), allows an unauthenticated user to request encrypted credentials,” Veeam explains in an advisory.
According to the company, successful exploitation of the security flaw could provide attackers with access to supporting infrastructure hosts.
All versions of Veeam Backup & Replication are affected by this issue. The patches were included in app versions 12 (Build 12.0.0.1420 P20230223) and 11a (Build 11.0.1.1261 P20230227).
Users must install the patches on the Veeam Backup & Replication server. New deployments installed with ISO images dated February 23 (version 12) and February 27 (version 11) or later are not vulnerable.
Users of previous versions of Veeam Backup & Replication are advised to upgrade to a supported iteration as soon as possible.
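An added fleet check, written for this article and not code from Veeam or Code White, that classifies Backup & Replication servers against the fixed builds named above; because the fix is identified by build number plus a date-stamped patch tag, the tag is compared as part of the version. Hostnames and build strings in the sample inventory are constructed.

```python
"""Inventory check for CVE-2023-27532 in Veeam Backup & Replication.

Veeam names the fixed releases by build *and* date-stamped patch tag
(12.0.0.1420 P20230223, 11.0.1.1261 P20230227); comparing the build alone
would mark an unpatched 12.0.0.1420 as safe, so the tag is a fifth component.
"""
import re
from typing import Dict, Tuple

# Minimum fixed version per supported branch, from Veeam's advisory.
FIXED: Dict[int, Tuple[int, ...]] = {
    12: (12, 0, 0, 1420, 20230223),
    11: (11, 0, 1, 1261, 20230227),
}
_BUILD_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)(?:\s+P(\d{8}))?$")


def parse_version(text: str) -> Tuple[int, ...]:
    """Parse '12.0.0.1420 P20230223' or '12.0.0.1420' into a comparable tuple."""
    m = _BUILD_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Veeam build string: {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())  # missing tag -> 0


def assess(text: str) -> str:
    """Classify one server as 'patched', 'vulnerable' or 'unsupported'."""
    v = parse_version(text)
    if v[0] < 11:  # branches older than 11 got no patch; upgrade is the only fix
        return "unsupported"
    # 12.x builds and anything newer are compared against the 12 fix.
    return "patched" if v >= FIXED.get(v[0], FIXED[12]) else "vulnerable"


def report(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each hostname to its assessment."""
    return {host: assess(build) for host, build in inventory.items()}


# Constructed sample inventory; hostnames and build strings are made up.
SAMPLE_INVENTORY = {
    "vbr-prod-01": "12.0.0.1420 P20230223",  # fixed 12 build
    "vbr-prod-02": "12.0.0.1420",            # same build, hotfix never applied
    "vbr-dr-01": "11.0.1.1261 P20230112",    # earlier tag: still exposed
    "vbr-legacy": "10.0.1.4854",             # no patch for this branch: upgrade
}

if __name__ == "__main__":
    for host, status in report(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```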
“If you are using a Veeam all-in-one appliance without remote backup infrastructure components, you can also block external connections to TCP port 9401 on the backup server firewall as a temporary solution until the patch is installed,” explains Veeam.
The company does not mention the vulnerability being exploited in the wild, but hackers have been known to exploit Backup & Replication flaws in their attacks.
Additionally, penetration testing firm Code White warns that creating an exploit for this vulnerability is relatively easy.
“CVE-2023-27532 in Veeam Backup & Replication is serious, expect exploit attempts soon. Our teammate @mwulftange was able to develop an exploit simply using the exposed API,” Code White tweeted.