Veeam Urges Customers to Patch High-Severity Backup Service Security Vulnerability

March 8, 2023

Veeam has urged customers to patch a high-severity Backup Service security vulnerability impacting its Backup & Replication software. The flaw, tracked as CVE-2023-27532, was reported in mid-February by a security researcher known as Shanigen, and it affects all Veeam Backup & Replication (VBR) versions. Unauthenticated attackers can exploit it to access backup infrastructure hosts after obtaining encrypted credentials stored in the VeeamVBR configuration database.

Veeam has released security updates addressing this vulnerability for VBR V11 and V12, with customers using older releases being advised to update to one of these two supported products first. The company also provides a temporary fix for customers who can't immediately deploy this week's CVE-2023-27532 patches.

"We have developed patches for V11 and V12 to mitigate this vulnerability and we recommend you update your installations immediately," said Veeam in an email sent to customers on Tuesday. "When a vulnerability is disclosed, attackers will reverse-engineer patches to understand the vulnerability and exploit one on an unpatched version of software," they added. "This underlines the importance of ensuring all your systems use the latest versions of all your deployed software, and patches are installed in a timely manner."

Veeam's backup, disaster recovery, and data protection software is being used by over 450,000 customers worldwide.
