03.09.2023

Veeam Backup & Replication vulnerability

Alert
  • facebook share link
  • twitter share link
  • linkedin share link
  • mail share link

Date of Notice: 03/09/2023

Action Level - High

Description

Veeam has disclosed a high severity vulnerability in their Backup & Replication component. If exploited, it could allow an unauthenticated attacker to obtain encrypted credentials and potentially gain access to backup infrastructure hosts.

Affected Versions

    Attack Vector

    An attacker with network or local access to the Veeam Backup & Replication server. 

    Attack Feasibility 

    There are currently no known exploits for this vulnerability

    Mitigation

    If you use an all-in-one Veeam appliance with no remote backup components, blocking external access to the appliance on TCP 9401 may temporarily mitigate the exploit.

    Remediation

    Update to a fixed build.

    Vendor Resources

    Veeam KB ID 4424 (includes links to fixed build versions)

    MCNC
    PO Box 12889
    3021 East Cornwallis Road
    RTP, NC 27709-2889
    919-248-1900 Phone | 919-248-1101 Fax
    Connect With Us
    • linkedin
    • twitter
    • facebook
    • youtube
    © 2023 MCNC