Veeam has urged customers to patch a high-severity Backup Service vulnerability affecting its backup and replication software.
The flaw (tracked as CVE-2023-27532) was reported in mid-February by a security researcher known as Shanigen, and it affects all versions of Veeam Backup & Replication (VBR).
Unauthenticated attackers can exploit it to gain access to backup infrastructure hosts after obtaining the encrypted credentials stored in the VBR configuration database.
According to Veeam's advisory, the root cause of this flaw is that Veeam.Backup.Service.exe (which listens on TCP port 9401 by default) allows unauthenticated users to request those encrypted credentials.
“We have developed patches for V11 and V12 to mitigate this vulnerability and recommend that you update your installations immediately,” the company said in an email sent to customers on Tuesday.
“If you are not the current manager of your Veeam environment, please forward this email to the appropriate person.”
The company has released security updates fixing this vulnerability for VBR V11 and V12; customers using older versions are advised to update to one of these two supported products first.
Workaround also available
Veeam is also providing an interim fix for customers who cannot immediately deploy this week’s CVE-2023-27532 patches.
To block the attack vector and secure vulnerable servers from possible exploit attempts, you can also block external connections to TCP port 9401 using the backup server's firewall.
However, it is important to note that this workaround should only be used in non-distributed Veeam environments, as it will also affect mount server connections to the VBR server.
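As an added example (not from Veeam's advisory or the article), the following PowerShell, run in an elevated session on the VBR server, first lists which remote hosts are currently connected to TCP 9401 (in a distributed deployment these are the mount servers that the workaround would cut off) and then adds the inbound block rule the workaround describes. The rule name is a placeholder chosen for this example.

```powershell
# Added example, not Veeam's own guidance: audit current clients of TCP 9401 on this
# VBR server, then block inbound connections to it with Windows Firewall.
# Requires an elevated PowerShell session and the built-in NetSecurity / NetTCPIP modules.

$Port = 9401   # default Veeam.Backup.Service.exe listener, per the advisory

# 1. Confirm something is listening and see which remote hosts are connected right now.
#    Mount servers in a distributed environment show up here and would lose access,
#    which is why the workaround is only suitable for non-distributed setups.
$listener = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
if (-not $listener) {
    Write-Warning "Nothing is listening on TCP $Port; check the Veeam Backup Service before continuing."
}

$remoteClients = Get-NetTCPConnection -LocalPort $Port -State Established -ErrorAction SilentlyContinue |
    Where-Object { $_.RemoteAddress -notin @('127.0.0.1', '::1') } |
    Select-Object -ExpandProperty RemoteAddress -Unique

if ($remoteClients) {
    Write-Warning "Remote hosts currently connected to TCP ${Port}: $($remoteClients -join ', ')"
    Write-Warning "These connections will be blocked by the rule below."
}

# 2. Create the inbound block rule (idempotent: skipped if it already exists).
#    The display name is a placeholder for this example, not a Veeam-defined rule.
$RuleName = 'Block-Inbound-TCP-9401-CVE-2023-27532-Workaround'
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Protocol TCP -LocalPort $Port `
        -RemoteAddress Any -Action Block -Profile Any -Enabled True | Out-Null
}

# 3. Verify the rule is present and enabled. Remove it with
#    Remove-NetFirewallRule -DisplayName $RuleName once the V11/V12 patch is installed.
Get-NetFirewallRule -DisplayName $RuleName |
    Select-Object DisplayName, Enabled, Direction, Action |
    Format-Table -AutoSize
```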
“When a vulnerability is disclosed, attackers will reverse-engineer patches to understand the vulnerability and exploit it on an unpatched version of the software,” Veeam warned.
“This underscores the importance of ensuring that all of your systems are running the latest versions of all of your deployed software and that patches are installed in a timely manner.”
Veeam said its backup, disaster recovery and data protection software is used by more than 450,000 customers worldwide, including 82% of Fortune 500 companies and 72% of Global 2000 companies.