9th March 2023
Veeam Backup & Replication Vulnerability
Veeam released a security advisory on 7th March 2023 (updated 8th March) for a vulnerability affecting its Backup & Replication software. CVE-2023-27532 allows unauthenticated attackers to access backup infrastructure hosts after obtaining encrypted credentials stored in Veeam VBR. CVSS 3.1: 7.5 (High).
Within Veeam Backup & Replication there is an executable listening on TCP port 9401 by default, which allows unauthenticated users to request the encrypted credentials.
This vulnerability affects all versions of Veeam Backup & Replication. Veeam have released the following patches and workarounds:
Version 12 (build 188.8.131.520 P20230223)
If you are using an all-in-one Veeam appliance with no remote backup infrastructure components, you can block external connections to TCP port 9401 in the backup server firewall as a temporary remediation until the patch is installed.
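The following is an added example of that temporary workaround, not code from Veeam or from the advisory. It assumes the backup server is a Windows host using Windows Defender Firewall with the built-in NetSecurity module, that it runs from an elevated PowerShell session, and that Windows Firewall's default exemption of loopback traffic keeps components on the server itself working; the rule name is a label chosen for this example.

```powershell
# Added example (not Veeam's code): temporary mitigation for CVE-2023-27532 on an
# all-in-one Veeam backup server by blocking remote access to TCP 9401.
# Assumes Windows Defender Firewall and the NetSecurity module; run elevated.
# The rule name is a label chosen for this example.
$RuleName = 'Veeam-CVE-2023-27532-Block-TCP-9401'
$Port     = 9401

# 1. Confirm that something is actually listening on TCP 9401 before blocking it,
#    and record which process owns the listener for the change record.
$listeners = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
if (-not $listeners) {
    Write-Warning "Nothing is listening on TCP $Port; verify the Veeam services are running."
} else {
    foreach ($l in $listeners) {
        $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
        Write-Host ("Listener {0}:{1} owned by PID {2} ({3})" -f `
            $l.LocalAddress, $l.LocalPort, $l.OwningProcess, $proc.ProcessName)
    }
}

# 2. Create the inbound block rule once (idempotent: re-running does not add
#    duplicates). Loopback traffic is not filtered by Windows Firewall by default,
#    so local components keep working while remote hosts are blocked.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Description 'Temporary mitigation for CVE-2023-27532; remove after patching' `
        -Direction Inbound -Protocol TCP -LocalPort $Port `
        -RemoteAddress Any -Action Block -Profile Any -Enabled True | Out-Null
}

# 3. Verify the rule is present and enabled.
Get-NetFirewallRule -DisplayName $RuleName |
    Select-Object DisplayName, Enabled, Direction, Action |
    Format-Table -AutoSize

# 4. Once the Veeam patch is installed, remove the temporary rule:
#    Remove-NetFirewallRule -DisplayName $RuleName
```

From another host, `Test-NetConnection -ComputerName <backup-server> -Port 9401` should now report `TcpTestSucceeded : False`.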