- Description
- Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.
- Source
- support@hackerone.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Veeam Backup & Replication Cloud Connect Missing Authentication for Critical Function Vulnerability
- Exploit added on
- Aug 22, 2023
- Exploit action due
- Sep 12, 2023
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
履歴書を餌としたTA4557/FIN6によるフィッシング事例。The DFIR Report報告。ie4uinit.exeやmsxsl.exe等のLOLBin(現地調達型攻撃に使えるバイナリ)を用いてmore_eggsマルウェアを実行。CVE-2023-27532でVeeamサーバを攻撃。CloudflaredをインストールしRDPをトンネリング。 https://t.co/RPvWeF6Nog
@__kokumoto
2 Dec 2024
405 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
#Akira #Ransomware DLS is online again. hxxps://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/ Their favorite vulnerabilities used in different breaches are: CVE-2023-27532, CVE-2024-37085 https://t.co/ep1WtMrFtF
@ShanHolo
11 Nov 2024
541 Impressions
4 Retweets
10 Likes
2 Bookmarks
0 Replies
0 Quotes
#Vulnerability #CVE202327532 Ransomware Groups Exploit Veeam Flaw CVE-2023-27532 in Nigerian Cyber Infrastructure https://t.co/f8ktLVN2bs
@Komodosec
27 Oct 2024
41 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
1 Quote
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veeam:veeam_backup_\\&_replication:11.0.1.1261:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4AC06A80-CAA8-45A4-BCA3-A36D56F70B39"
},
{
"criteria": "cpe:2.3:a:veeam:veeam_backup_\\&_replication:11.0.1.1261:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EC28D606-0A9B-46E5-A88C-8041357979DB"
},
{
"criteria": "cpe:2.3:a:veeam:veeam_backup_\\&_replication:11.0.1.1261:p20211123:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8158D6BC-2041-4600-B935-AD928621D987"
},
{
"criteria": "cpe:2.3:a:veeam:veeam_backup_\\&_replication:11.0.1.1261:p20211211:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "54A5147A-341A-4790-AAA8-DF2648423C50"
},
{
"criteria": "cpe:2.3:a:veeam:veeam_backup_\\&_replication:11.0.1.1261:p20220302:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0F5A2E58-F9C3-4A65-A83B-C86C970A01D2"
},
{
"criteria": "cpe:2.3:a:veeam:veeam_backup_\\&_replication:12.0.0.1420:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA570EC1-4A95-4AD3-8E8C-087769F95F02"
}
],
"operator": "OR"
}
]
}
]