
Vulnerability CVE-2023-27532 in a Veeam Backup & Replication component allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts.
Severity: High
CVSS v3 score: 7.5
The vulnerable process, Veeam.Backup.Service.exe (TCP 9401 by default), allows an unauthenticated user to request encrypted credentials.
Default path: C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Service.exe
This vulnerability was resolved starting in the following Veeam Backup & Replication build numbers:
This vulnerability was reported by Shanigen. Correction: This article initially listed the vulnerability ID as CVE-2023-27530; the correct vulnerability ID is CVE-2023-27532.
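Because the exposed service listens on TCP 9401, one way to audit which hosts actually reach it is to review the backup server's Windows Firewall log. The following is an added example, not code from Veeam or from this article; the log lines are constructed and the 10.0.5.0/24 allowlist is a hypothetical backup subnet.

```python
import ipaddress
from collections import Counter

VEEAM_PORT = "9401"  # default TCP port of Veeam.Backup.Service.exe per the advisory

# Constructed sample in Windows Firewall log (pfirewall.log) format.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2023-03-08 10:15:02 ALLOW TCP 10.0.5.21 10.0.5.10 50122 9401 0 - 0 0 0 - - - RECEIVE
2023-03-08 10:15:40 ALLOW TCP 10.0.9.77 10.0.5.10 61544 9401 0 - 0 0 0 - - - RECEIVE
2023-03-08 10:16:01 DROP TCP 192.168.40.3 10.0.5.10 44210 9401 0 - 0 0 0 - - - RECEIVE
2023-03-08 10:16:09 ALLOW TCP 10.0.9.77 10.0.5.10 61550 9401 0 - 0 0 0 - - - RECEIVE
2023-03-08 10:17:30 ALLOW TCP 10.0.9.77 10.0.5.10 61602 445 0 - 0 0 0 - - - RECEIVE
2023-03-08 10:18:12 ALLOW TCP 10.0.5.10 10.0.5.21 49822 9401 0 - 0 0 0 - - - SEND
"""

# Hypothetical allowlist: subnets holding the backup components that need 9401.
ALLOWED_SOURCES = [ipaddress.ip_network("10.0.5.0/24")]


def unexpected_clients(log_text, allowed=ALLOWED_SOURCES, port=VEEAM_PORT):
    """Count allowed inbound TCP connections to `port` per non-allowlisted source."""
    fields, hits = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names follow the tag
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        if (rec.get("action"), rec.get("protocol"), rec.get("path")) != ("ALLOW", "TCP", "RECEIVE"):
            continue                            # only accepted inbound TCP matters here
        if rec.get("dst-port") != port:
            continue
        try:
            src = ipaddress.ip_address(rec["src-ip"])
        except (KeyError, ValueError):
            continue                            # malformed row, skip it
        if not any(src in net for net in allowed):
            hits[str(src)] += 1
    return dict(hits)


if __name__ == "__main__":
    for src, count in unexpected_clients(SAMPLE_LOG).items():
        print(f"{src} reached TCP {VEEAM_PORT} {count} time(s) from outside the allowlist")
```

The firewall only records accepted connections when logging of successful connections is enabled for the active profile, so an empty result on a host without that setting proves nothing.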