Kevin BeaumontMar 10, 2023

PSA: If you use #Veeam Backup & Replication (very common), upgrade. Especially if you face server to internet.

Screenshot from Code White, the API lets you remotely request Windows admin credentials for some reason, no auth request.

In their advisory Veeam claimed these are encrypted... it's base64 (lololol)

#CVE202327532 https://www.veeam.com/kb4424

KB4424: CVE-2023-27532

Vulnerability CVE-2023-27532 in a Veeam Backup & Replication component allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts.

Veeam Software
Show threadKevin Beaumont
#CVE202327532 is being exploited in the wild now by ransomware groups. https://www.bleepingcomputer.com/news/security/hackers-target-vulnerable-veeam-backup-servers-exposed-online/
Hackers target vulnerable Veeam backup servers exposed online

Veeam backup servers are being targeted by at least one group of threat actors known to work with multiple high-profile ransomware gangs.

BleepingComputer
Apr 29, 2023 at 7:12pmWeb