CVE-2023-27532
Vulnerability from cvelistv5
Published
2023-03-10 00:00
Modified
2025-01-28 21:28
Severity ?
EPSS score ?
Summary
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://www.veeam.com/kb4424 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veeam.com/kb4424 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Veeam Backup & Replication |
Version: Fixed Versions: v12 (build 12.0.0.1420 P20230223) Version: 11a (build 11.0.1.1261 P20230227) |
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog
Date added: 2023-08-22
Due date: 2023-09-12
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Used in ransomware: Known
Notes: https://www.veeam.com/kb4424; https://nvd.nist.gov/vuln/detail/CVE-2023-27532
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:16:35.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.veeam.com/kb4424"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-27532",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T21:19:54.717692Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-08-22",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-27532"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T21:28:51.796Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Veeam Backup \u0026 Replication",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed Versions: v12 (build 12.0.0.1420 P20230223)"
},
{
"status": "affected",
"version": "11a (build 11.0.1.1261 P20230227)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in Veeam Backup \u0026 Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing Authentication for Critical Function (CWE-306)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T00:00:00.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://www.veeam.com/kb4424"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2023-27532",
"datePublished": "2023-03-10T00:00:00.000Z",
"dateReserved": "2023-03-02T00:00:00.000Z",
"dateUpdated": "2025-01-28T21:28:51.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2023-27532",
"cwes": "[\"CWE-306\"]",
"dateAdded": "2023-08-22",
"dueDate": "2023-09-12",
"knownRansomwareCampaignUse": "Known",
"notes": "https://www.veeam.com/kb4424; https://nvd.nist.gov/vuln/detail/CVE-2023-27532",
"product": "Backup \u0026 Replication",
"requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"shortDescription": "Veeam Backup \u0026 Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts.",
"vendorProject": "Veeam",
"vulnerabilityName": "Veeam Backup \u0026 Replication Cloud Connect Missing Authentication for Critical Function Vulnerability"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-27532\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2023-03-10T22:15:10.557\",\"lastModified\":\"2025-01-28T22:15:14.430\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vulnerability in Veeam Backup \u0026 Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"cisaExploitAdd\":\"2023-08-22\",\"cisaActionDue\":\"2023-09-12\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Veeam Backup \u0026 Replication Cloud Connect Missing Authentication for Critical Function Vulnerability\",\"weaknesses\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:veeam:veeam_backup_\\\\\u0026_replication:11.0.1.1261:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AC06A80-CAA8-45A4-BCA3-A36D56F70B39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:veeam:veeam_backup_\\\\\u0026_replication:11.0.1.1261:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC28D606-0A9B-46E5-A88C-8041357979DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:veeam:veeam_backup_\\\\\u0026_replication:11.0.1.1261:p20211123:*:*:*:*:*:*\",\"matchCriteriaId\":\"8158D6BC-2041-4600-B935-AD928621D987\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:veeam:veeam_backup_\\\\\u0026_replication:11.0.1.1261:p20211211:*:*:*:*:*:*\",\"matchCriteriaId\":\"54A5147A-341A-4790-AAA8-DF2648423C50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:veeam:veeam_backup_\\\\\u0026_replication:11.0.1.1261:p20220302:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F5A2E58-F9C3-4A65-A83B-C86C970A01D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:veeam:veeam_backup_\\\\\u0026_replication:12.0.0.1420:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA570EC1-4A95-4AD3-8E8C-087769F95F02\"}]}]}],\"references\":[{\"url\":\"https://www.veeam.com/kb4424\",\"source\":\"support@hackerone.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.veeam.com/kb4424\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.veeam.com/kb4424\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T12:16:35.584Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-27532\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-28T21:19:54.717692Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2023-08-22\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-27532\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-28T21:19:05.317Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"Veeam Backup \u0026 Replication\", \"versions\": [{\"status\": \"affected\", \"version\": \"Fixed Versions: v12 (build 12.0.0.1420 P20230223)\"}, {\"status\": \"affected\", \"version\": \"11a (build 11.0.1.1261 P20230227)\"}]}], \"references\": [{\"url\": \"https://www.veeam.com/kb4424\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Vulnerability in Veeam Backup \u0026 Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-306\", \"description\": \"Missing Authentication for Critical Function (CWE-306)\"}]}], \"providerMetadata\": {\"orgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"shortName\": \"hackerone\", \"dateUpdated\": \"2023-03-10T00:00:00.000Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-27532\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-28T21:28:51.796Z\", \"dateReserved\": \"2023-03-02T00:00:00.000Z\", \"assignerOrgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"datePublished\": \"2023-03-10T00:00:00.000Z\", \"assignerShortName\": \"hackerone\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.