Veeam Urges Customers to Patch High-Severity Backup Service Security Vulnerability
March 8, 2023
Veeam has urged customers to patch a high-severity Backup Service security vulnerability impacting its Backup & Replication software. The flaw, tracked as CVE-2023-27532, was reported in mid-February by a security researcher known as Shanigen, and it affects all Veeam Backup & Replication (VBR) versions. Unauthenticated attackers can exploit it to access backup infrastructure hosts after obtaining encrypted credentials stored in the VeeamVBR configuration database.
Veeam has released security updates addressing this vulnerability for VBR V11 and V12. Customers using older releases are advised to update to one of these two supported products first. The company also provides a temporary fix for customers who can't immediately deploy this week's CVE-2023-27532 patches.
"We have developed patches for V11 and V12 to mitigate this vulnerability and we recommend you update your installations immediately," said Veeam in an email sent to customers on Tuesday. "When a vulnerability is disclosed, attackers will reverse-engineer patches to understand the vulnerability and exploit one on an unpatched version of software," they added. "This underlines the importance of ensuring all your systems use the latest versions of all your deployed software, and patches are installed in a timely manner."
Veeam's backup, disaster recovery, and data protection software is used by over 450,000 customers worldwide.