
CVE-2023-27532:

Veeam Backup & Replication contains a vulnerability that allows attackers to extract encrypted credentials from the configuration database, potentially leading to unauthorized access to backup infrastructure hosts.


Score: 7.5 (High)

  • Published Date: Mar 10, 2023
  • CISA KEV Date: Aug 22, 2023
  • Industries Affected: 20
  • Armis Early Warning: 165 Days

Threat Predictions

  • EPSS Score: 84.2
  • EPSS Percentile: 99%

Exploitability

  • Score: 3.9
  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED

Impact

  • Score: 3.6
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: NONE

Overview

This vulnerability in Veeam Backup & Replication allows attackers to obtain encrypted credentials stored in the product's configuration database. The issue is classified as CWE-306 (Missing Authentication for Critical Function), indicating that the application fails to properly authenticate users before allowing access to sensitive credential information. Once an attacker extracts these credentials, they can use them to authenticate to backup infrastructure hosts, potentially gaining control over the backup environment. This represents a significant security risk as backup systems typically have access to critical organizational data.

Remediation

Organizations using Veeam Backup & Replication should:

  1. Update to the latest version of the software as recommended in Veeam KB4424
  2. Follow the specific mitigation steps outlined in the vendor advisory
  3. Review access controls to the Veeam management interfaces
  4. Audit existing user permissions and access to the configuration database
  5. Monitor for any suspicious access attempts to backup infrastructure components
  6. Consider implementing network segmentation to isolate backup infrastructure

Armis Early Warning

Armis Early Warning provides proactive threat intelligence and early detection capabilities.

  • Armis Alert Date: Mar 11, 2023
  • CISA KEV Date: Aug 22, 2023
  • Days Early: 165 Days

Industries Affected

Below is a list of industries most commonly impacted or potentially at risk based on intelligence.

Medium

  • Manufacturing
  • Public Administration
  • Health Care and Social Assistance

Low

  • Mining
  • Utilities
  • Information
  • Construction
  • Retail Trade
  • Wholesale Trade
  • Educational Services
  • Finance and Insurance
  • Real Estate Rental and Leasing
  • Transportation and Warehousing
  • Accommodation and Food Services
  • Arts, Entertainment, and Recreation
  • Management of Companies and Enterprises
  • Agriculture, Forestry, Fishing and Hunting
  • Other Services (except Public Administration)
  • Professional, Scientific, and Technical Services
  • Administrative and Support and Waste Management and Remediation Services
