Veeam Backup & Replication vulnerability

  • facebook share link
  • twitter share link
  • linkedin share link
  • mail share link

Date of Notice: 03/09/2023

Action Level - High


Veeam has disclosed a high severity vulnerability in their Backup & Replication component. If exploited, it could allow an unauthenticated attacker to obtain encrypted credentials and potentially gain access to backup infrastructure hosts.

Affected Versions

  • Veeam Backup & Replication 12 - builds prior to P20230223
  • Veeam Backup & Replication 11a and earlier - builds prior to P20230227

Attack Vector

An attacker with network or local access to the Veeam Backup & Replication server. 

Attack Feasibility 

There are currently no known exploits for this vulnerability


If you use an all-in-one Veeam appliance with no remote backup components, blocking external access to the appliance on TCP 9401 may temporarily mitigate the exploit.


Update to a fixed build.

Vendor Resources

Veeam KB ID 4424 (includes links to fixed build versions)

PO Box 12889
3021 East Cornwallis Road
RTP, NC 27709-2889
919-248-1900 Phone | 919-248-1101 Fax
Connect With Us
  • linkedin
  • instagram
  • x
  • facebook
  • youtube
© 2024 MCNC