CVE-2023-27532
Veeam Backup & Replication Cloud Connect Missing A - [Actively Exploited]
Description
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.
INFO
Published Date :
March 10, 2023, 10:15 p.m.
Last Modified :
Nov. 21, 2024, 7:53 a.m.
Source :
[email protected]
Remotely Exploitable :
Yes !
Impact Score :
3.6
Exploitability Score :
3.9
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Veeam Backup & Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts.
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
https://www.veeam.com/kb4424; https://nvd.nist.gov/vuln/detail/CVE-2023-27532
Public PoC/Exploit Available at Github
CVE-2023-27532 has a 4 public PoC/Exploit
available at Github.
Go to the Public Exploits
tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2023-27532
.
URL | Resource |
---|---|
https://www.veeam.com/kb4424 | Vendor Advisory |
https://www.veeam.com/kb4424 | Vendor Advisory |
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
None
C# Python
Exploit for CVE-2023-27532 against Veeam Backup & Replication
C#
POC for Veeam Backup and Replication CVE-2023-27532
C#
Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.
cisa-kev vulnerability 0day cisa exploits
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2023-27532
vulnerability anywhere in the article.
- Cybersecurity News
Raspberry Robin’s Stealth Tactics: USB Infections, Exploits, and Advanced Obfuscation Unveiled
Raspberry Robin, also known as Roshtyak, stands out as a highly advanced malicious downloader. Discovered in 2021, it has gained notoriety for its use of infected USB drives and sophisticated techniqu ... Read more
- Cybersecurity News
WorkflowKit Race Vulnerability (CVE-2024-27821): Researcher Reveals Exploit that Let Malicious Apps Hijack Shortcuts
Security researcher Snoolie K has published an in-depth analysis of a significant security flaw in WorkflowKit, which has been assigned CVE-2024-27821. This vulnerability, dubbed the “WorkflowKit Race ... Read more
- Cybersecurity News
Ghostscript Update Patches Six Critical Vulnerabilities: Code Execution, Buffer Overflow, and Path Traversal Risks
Popular document rendering engine Ghostscript has released a critical security update addressing multiple vulnerabilities, some of which could lead to remote code execution.Ghostscript, a widely used ... Read more
- Cybersecurity News
Silent Skimmer Reemerges: New Tactics Target Payment Gateways
Unit 42 researchers have detected renewed activity from a notorious financially motivated threat actor known as Silent Skimmer. This cybercriminal group, first identified in 2023, had seemingly faded ... Read more
- BleepingComputer
Critical Veeam RCE bug now used in Frag ransomware attacks
After being used in Akira and Fog ransomware attacks, a critical Veeam Backup & Replication (VBR) security flaw was also recently exploited to deploy Frag ransomware. Code White security researcher Fl ... Read more
- Cybersecurity News
Hikvision Patches Security Flaw in Network Cameras, Preventing Cleartext Credential Transmission
Hikvision, a leading provider of network cameras and surveillance systems, has released firmware updates to address a security vulnerability that could expose users’ Dynamic DNS credentials. The vulne ... Read more
- Cybersecurity News
Microsoft Boosts Email Security with General Availability of Inbound SMTP DANE with DNSSEC
Microsoft announced the general availability of Inbound SMTP DANE with DNSSEC for Exchange Online, marking a significant step forward in email security. This powerful feature combines two robust secur ... Read more
- Cybersecurity News
Atlassian Confluence Vulnerability CVE-2023-22527 Exploited for Cryptomining
Attach chain | Image: Trend MicroIn a recently disclosed report by Trend Micro, attackers were observed exploiting a vulnerability in Atlassian’s Confluence servers (CVE-2023-22527) to hijack victim r ... Read more
- Cybersecurity News
CISA Sounds Alarm on Actively Exploited Cisco and Roundcube Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about two actively exploited vulnerabilities affecting Cisco networking devices and the popular Roundcube ... Read more
- The Hacker News
Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks
Threat actors have been observed abusing Amazon S3 (Simple Storage Service) Transfer Acceleration feature as part of ransomware attacks designed to exfiltrate victim data and upload them to S3 buckets ... Read more
- Cybersecurity News
Hikvision HikCentral Master Lite and Professional Affected by Multi Vulnerabilities
Hikvision, a leading provider of AIoT and video surveillance solutions, has disclosed three vulnerabilities affecting its HikCentral Master Lite and HikCentral Professional software. These flaws could ... Read more
- The Cyber Express
Critical Veeam Vulnerability CVE-2024-40711 Exploited by Ransomware Groups
Veeam has addressed a severe vulnerability in its widely utilized Backup & Replication tool, CVE-2024-40711. This critical flaw has a staggering Common Vulnerability Scoring System (CVSS) score of 9.8 ... Read more
- Cybersecurity News
Popular Java Security Framework ‘pac4j’ Vulnerable to RCE (CVE-2023-25581)
A new analysis by security researcher Michael Stepankin (@artsploit) of the GitHub Security Lab (GHSL) has uncovered a critical vulnerability in pac4j, a widely-used Java security framework. This vuln ... Read more
- Cybersecurity News
0-Day Flaw CVE-2024-38200 in Microsoft Office Exposes NTLMv2 Hashes: PoC Exploit Released
A discovered zero-day vulnerability is putting Microsoft Office users at risk. Security researcher Metin Yunus Kandemir recently published the technical details and a proof-of-concept (PoC) exploit th ... Read more
- TheCyberThrone
Grafana fixes Critical Vulnerability CVE-2024-8986
A critical security vulnerability has been discovered in the Grafana Plugin SDK for Go, that could lead to the inadvertent leakage of sensitive information, including repository credentials.The vulne ... Read more
- TheCyberThrone
FreeBSD flagged with a Critical Vulnerability CVE-2024-41721
A critical vulnerability has been disclosed affecting FreeBSD’s bhyve hypervisor. If exploited, this flaw could allow malicious code execution, posing a serious threat to systems running vulnerable ve ... Read more
- Cybersecurity News
CVE-2024-7490: Urgent Warning for IoT Devices Using Microchip ASF, No Patch Available
The latest vulnerability disclosure identifies a significant security flaw in the Microchip Advanced Software Framework (ASF), specifically within its tinydhcp server implementation. This vulnerabilit ... Read more
- TheCyberThrone
TheCyberThrone Security Week In Review – September 21, 2024
Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, September 21, 2024.Microsoft Kernel Vulne ... Read more
- TheCyberThrone
Acronics warning on a critical vulnerability CVE-2024-8767
Acronis has released an advisory for a critical security vulnerability in its popular backup plugins for server management platforms like cPanel, Plesk, and DirectAdmin.The vulnerability, tracked as C ... Read more
- TheCyberThrone
Nigerian ngCERT warns on exploitation of Veeam CVE-2023-27532
Nigerian ngCERT has issued an urgent warning of ransomware groups actively targeting critical systems by exploiting the vulnerability tracked as CVE-2023-27532 in Veeam Backup and Replication software ... Read more
- Cybersecurity News
Ransomware Groups Exploit Veeam Flaw CVE-2023-27532 in Nigerian Cyber Infrastructure
The Nigeria Computer Emergency Response Team (ngCERT) has issued an urgent alert warning of ransomware groups actively targeting critical systems across Nigeria. The alert focuses on a high-severity v ... Read more
- Cybersecurity News
CVE-2023-48788 Exploited: Researcher Details Cyberattacks on Fortinet EMS
Medusa ransomware ransom note | Image: Unit 42In a concerning new development, cybersecurity researchers at Darktrace have unveiled a report detailing the exploitation of Fortinet’s FortiClient Endpoi ... Read more
- Cybersecurity News
Cyberattack on Delta Prime: Losses Soar to $6M
The Delta Prime platform fell victim to a cyberattack resulting in the theft of cryptocurrency worth approximately $6 million. Initially, losses were reported at around $4.5 million, but the damage la ... Read more
- Cybersecurity News
Exploit Kits, Cryptominers, Proxyjackers: The New Face of Selenium Grid Abuse
Researchers at Cado Security Labs have uncovered two malicious campaigns that exploit misconfigured instances of Selenium Grid. Once a trusted tool for browser automation and testing, Selenium Grid ha ... Read more
- Cybersecurity News
Ajina.Banker: Unmasking the Android Malware Targeting Central Asian Banks
Screenshot of the sample found on the VirusTotal platformCybersecurity analysts at Group-IB have uncovered a sophisticated malware campaign targeting bank customers in Central Asia. Dubbed “Ajina.Bank ... Read more
- Dark Reading
Amateurish 'CosmicBeetle' Ransomware Stings SMBs in Turkey
Source: Mark Brandon via ShutterstockA cybercriminal group — or individual — known as "CosmicBeetle" is exploiting vulnerabilities in technologies used by small businesses in Turkey, as well as Spain, ... Read more
- Cybersecurity News
CosmicBeetle’s ScRansom Ransomware: A Growing Threat to European and Asian Businesses
Encryption scheme utilized by the latest ScRansom samples | Image: ESETIn a significant development tracked by ESET researchers, the threat actor known as CosmicBeetle has intensified its ransomware o ... Read more
- The Hacker News
CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHub
The threat actor known as CosmicBeetle has debuted a new custom ransomware strain called ScRansom in attacks targeting small- and medium-sized businesses (SMBs) in Europe, Asia, Africa, and South Amer ... Read more
- BleepingComputer
NoName ransomware gang deploying RansomHub malware in recent attacks
The NoName ransomware gang has been trying to build a reputation for more than three years targeting small and medium-sized businesses worldwide with its encryptors and may now be working as a RansomH ... Read more
- Hackread - Latest Cybersecurity, Tech, Crypto & Hacking News
New Veeam Vulnerability Puts Thousands of Backup Servers at Risk – PATCH NOW!
A critical vulnerability (CVE-2024-40711) in Veeam Backup & Replication software allows attackers to gain full control without authentication. Immediate updates are essential to protect sensitive data ... Read more
- Help Net Security
Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711)
CVE-2024-40711, a critical vulnerability affecting Veeam Backup & Replication (VBR), could soon be exploited by attackers to steal enterprise data. Discovered and reported by Code WHite researcher Flo ... Read more
- Cybersecurity News
CVE-2024-7591 (CVSS 10): Critical Vulnerability Discovered in Progress LoadMaster
Please enable JavaScriptProgress Software Corporation has issued a security advisory for a critical vulnerability (CVE-2024-7591) affecting its LoadMaster application delivery controller (ADC) and loa ... Read more
- Cybersecurity News
CVE-2024-38650 & CVE-2024-39714 (CVSS 9.9): Critical Flaws in Veeam Console Put Data at Risk
A series of critical vulnerabilities have been discovered in Veeam Service Provider Console, a widely-used platform for managing data protection services in cloud and virtual environments. These vulne ... Read more
- Cybersecurity News
Veeam Backup & Replication Faces RCE Flaw– CVE-2024-40711 (CVSS 9.8) Allows Full System Takeover
A series of critical vulnerabilities have been uncovered in Veeam Backup & Replication, potentially exposing organizations to unauthorized access, remote code execution, and data breaches. The most se ... Read more
- Cybersecurity News
Webmin/Virtualmin Vulnerability Opens Door to Loop DoS Attacks (CVE-2024-2169)
System administrators and web hosting providers relying on the popular Webmin and Virtualmin control panels are urged to take immediate action following the disclosure of a critical vulnerability that ... Read more
- Cybersecurity News
Urgent Edge Security Update: Microsoft Patches Zero-day & RCE Vulnerabilities
Microsoft has released an urgent security update for its Edge browser, patching a critical vulnerability that is currently being exploited by malicious actors. This zero-day flaw, tracked as CVE-2024- ... Read more
- Cybersecurity News
Critical Vulnerabilities Uncovered in Progress WhatsUp Gold (CVE-2024-6670 & CVE-2024-6671)
The Progress WhatsUp Gold team has recently disclosed multiple critical vulnerabilities affecting all versions of the software released before 2024.0.0. These vulnerabilities, identified as CVE-2024-6 ... Read more
- Cybersecurity News
Beyond the Ransom: Inside the Mind of Brain Cipher Ransomware Group
Indonesian government agencies have fallen victim to a large-scale cyberattack orchestrated by the Brain Cipher ransomware group. On June 20, 2024, hackers dealt a severe blow to the country’s critica ... Read more
- Cybersecurity News
Microsoft, Linux, Dahua Flaws Exploited: CISA Warns
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert, adding four critical security vulnerabilities impacting Microsoft Exchange Server, the Linux kernel, and Da ... Read more
The following table lists the changes that have been made to the
CVE-2023-27532
vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Nov. 21, 2024
Action Type Old Value New Value Added Reference https://www.veeam.com/kb4424 -
CVE Modified by [email protected]
May. 14, 2024
Action Type Old Value New Value -
Initial Analysis by [email protected]
Mar. 16, 2023
Action Type Old Value New Value Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Changed Reference Type https://www.veeam.com/kb4424 No Types Assigned https://www.veeam.com/kb4424 Vendor Advisory Added CWE NIST CWE-306 Added CPE Configuration OR *cpe:2.3:a:veeam:backup_\&_replication:11.0.1.1261:*:*:*:*:*:*:* *cpe:2.3:a:veeam:backup_\&_replication:11.0.1.1261:-:*:*:*:*:*:* *cpe:2.3:a:veeam:backup_\&_replication:11.0.1.1261:p20211123:*:*:*:*:*:* *cpe:2.3:a:veeam:backup_\&_replication:11.0.1.1261:p20211211:*:*:*:*:*:* *cpe:2.3:a:veeam:backup_\&_replication:11.0.1.1261:p20220302:*:*:*:*:*:* *cpe:2.3:a:veeam:backup_\&_replication:12.0.0.1420:-:*:*:*:*:*:*
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2023-27532
is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2023-27532
weaknesses.
Exploit Prediction
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.
2.29 }} -0.79%
score
0.89856
percentile