Veeam Backup & Replication admins, get patching! (CVE-2023-27532)

Veeam Software has patched CVE-2023-27532, a high-severity security hole in its widely-used Veeam Backup & Replication solution, and is urging customer to implement the fix as soon as possible. About CVE-2023-27532 The nature of CVE-2023-27532 has not been explained – Veeam only says that “the vulnerable process, Veeam.Backup.Service.exe (TCP 9401 by default), allows an unauthenticated user to request encrypted credentials.” Obtaining encrypted credentials might ultimately allow attackers to gain access to the backup infrastructure hosts, … More →

The post …

access amp attackers backup credentials customer cve default don't miss encrypted enterprise explained fix high hot stuff nature patch patching process request security service severity software solution tcp veeam veeam software vulnerability vulnerable