{"id":56642,"date":"2023-03-10T09:00:23","date_gmt":"2023-03-10T08:00:23","guid":{"rendered":"https:\/\/nolabnoparty.com\/?p=56642"},"modified":"2023-03-20T11:37:49","modified_gmt":"2023-03-20T10:37:49","slug":"veeam-vulnerability-cve-2023-27532","status":"publish","type":"post","link":"https:\/\/nolabnoparty.com\/en\/veeam-vulnerability-cve-2023-27532\/","title":{"rendered":"Veeam vulnerability CVE-2023-27532"},"content":{"rendered":"<p><img decoding=\"async\" class=\"aligncenter wp-image-56643 size-full\" title=\"veeam-backup-replication-vulnerability-01\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/03\/veeam-backup-replication-vulnerability-01.jpg\" alt=\"veeam-backup-replication-vulnerability-01\" width=\"602\" height=\"202\" \/><\/p>\n<p>A Veeam vulnerability (<strong>CVE-2023-27532<\/strong>) has been discovered within a <a href=\"https:\/\/nolabnoparty.com\/en\/veeam-backup-replication-v12-released\/\">Veeam Backup &amp; Replication<\/a> that allows an unauthenticated user to request encrypted credentials.<\/p>\n<p><strong>All versions<\/strong> of <a href=\"https:\/\/nolabnoparty.com\/en\/veeam-v12-move-or-copy-backups-with-veeamover\/\">Veeam Backup &amp; Replication<\/a> are affected by this vulnerability where an intruder could <strong>gain access<\/strong> to backup infrastructure hosts.<!--more--><\/p>\n<p>&nbsp;<\/p>\n<h2>Fix for Veeam vulnerability CVE-2023-27532<\/h2>\n<p>Patches for Veeam <strong>v11a and v12<\/strong> have been released to <strong>mitigate this vulnerability<\/strong> and they should be applied asap.<\/p>\n<blockquote><p><strong>Patches can be downloaded<\/strong>\u00a0at <a href=\"https:\/\/www.veeam.com\/kb4424\" target=\"_blank\" rel=\"noopener\">https:\/\/www.veeam.com\/kb4424<\/a>.<\/p><\/blockquote>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-56645 size-large\" title=\"veeam-backup-replication-vulnerability-02\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/03\/veeam-backup-replication-vulnerability-02-600x313.jpg\" alt=\"veeam-backup-replication-vulnerability-02\" width=\"600\" height=\"313\" \/><\/p>\n<p>As a temporary fix, you can <strong>block external connections to port TCP 9401<\/strong> in the backup server firewall if <strong>no remote components<\/strong> are used (all-in-one scenario).<\/p>\n<p>&nbsp;<\/p>\n<h2>Install the security patch 20230223<\/h2>\n<p>Download the patch and double click the <strong>.EXE file<\/strong>\u00a0to run the wizard.<\/p>\n<p>Click <strong>Next<\/strong> to proceed with the installation.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-56756 size-full\" title=\"veeam-backup-replication-vulnerability-03\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/03\/veeam-backup-replication-vulnerability-03.jpg\" alt=\"veeam-backup-replication-vulnerability-03\" width=\"555\" height=\"438\" \/><\/p>\n<p>If you receive this error, make sure no processes are currently active and the Veeam console is not open. Click <strong>OK<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-56758 size-full\" title=\"veeam-backup-replication-vulnerability-04\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/03\/veeam-backup-replication-vulnerability-04.jpg\" alt=\"veeam-backup-replication-vulnerability-04\" width=\"413\" height=\"185\" \/><\/p>\n<p>Select <strong>Update remote components automatically<\/strong> option and click <strong>Install<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-56760 size-full\" title=\"veeam-backup-replication-vulnerability-05\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/03\/veeam-backup-replication-vulnerability-05.jpg\" alt=\"veeam-backup-replication-vulnerability-05\" width=\"555\" height=\"438\" \/><\/p>\n<p>The patch is being installed.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-56762 size-full\" title=\"veeam-backup-replication-vulnerability-06\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/03\/veeam-backup-replication-vulnerability-06.jpg\" alt=\"veeam-backup-replication-vulnerability-06\" width=\"555\" height=\"438\" \/><\/p>\n<p>After few minutes the patch installation process completes successfully. Click <strong>Finish<\/strong> to exit the wizard.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-56764 size-full\" title=\"veeam-backup-replication-vulnerability-07\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/03\/veeam-backup-replication-vulnerability-07.jpg\" alt=\"veeam-backup-replication-vulnerability-07\" width=\"555\" height=\"438\" \/><\/p>\n<p>After installing the patch, the Veeam Backup &amp; Replication build number will be <strong>12.00.1420 P20230223<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-56766 size-full\" title=\"veeam-backup-replication-vulnerability-08\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2023\/03\/veeam-backup-replication-vulnerability-08.jpg\" alt=\"veeam-backup-replication-vulnerability-08\" width=\"450\" height=\"307\" \/><\/p>\n<p>To avoid issues, <strong>apply the fix<\/strong> immediately to mitigate the Veeam vulnerability.<\/p>\n<p><img decoding=\"async\" title=\"signature\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/images\/firma.jpg\" alt=\"signature\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A Veeam vulnerability (CVE-2023-27532) has been discovered within a Veeam Backup &amp; Replication that allows an unauthenticated user to request encrypted credentials. All versions of Veeam Backup &amp; Replication are affected by this vulnerability where an intruder could gain access to backup infrastructure hosts.<\/p>\n","protected":false},"author":3,"featured_media":56643,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rop_custom_images_group":[],"rop_custom_messages_group":[],"rop_publish_now":"initial","rop_publish_now_accounts":{"linkedin_93tdZWzMZc_93tdZWzMZc":"","facebook_2879994398731222_17841400390232720":"","twitter_113568041_113568041":"","mastodon_115463926174894442_115463926174894442":""},"rop_publish_now_history":[],"rop_publish_now_status":"pending","footnotes":""},"categories":[2138,933],"tags":[579,626,584,2425],"class_list":["post-56642","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-backup-en","category-veeam-en","tag-backup-en","tag-patch-en","tag-veeam-en","tag-vulnerability","has_thumb"],"_links":{"self":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts\/56642","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/comments?post=56642"}],"version-history":[{"count":0,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts\/56642\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/media\/56643"}],"wp:attachment":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/media?parent=56642"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/categories?post=56642"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/tags?post=56642"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}