CVE-2023-27532
Veeam Backup & Replication Cloud Connect Missing Authentication for Critical Function Vulnerability
CVSS
—
Sin CVSS
EPSS
77.6%
p100
KEV
SÍ
22 ago 2023
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
Veeam / Backup & Replication
Vulnerabilidad
Veeam Backup & Replication Cloud Connect Missing Authentication for Critical Function Vulnerability
Añadido a KEV
22 ago 2023
Remediar antes de
12 sept 2023
Uso conocido en ransomware
Sí
Descripción resumida
Veeam Backup & Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts.
Acción requerida
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notas
https://www.veeam.com/kb4424; https://nvd.nist.gov/vuln/detail/CVE-2023-27532