Veeam Backup & Replication vulnerability

Date of Notice: 03/09/2023
Action Level - High
Description
Veeam has disclosed a high severity vulnerability in their Backup & Replication component. If exploited, it could allow an unauthenticated attacker to obtain encrypted credentials and potentially gain access to backup infrastructure hosts.
Affected Versions
Attack Vector
An attacker with network or local access to the Veeam Backup & Replication server.
Attack Feasibility
There are currently no known exploits for this vulnerability
Mitigation
If you use an all-in-one Veeam appliance with no remote backup components, blocking external access to the appliance on TCP 9401 may temporarily mitigate the exploit.
Remediation
Update to a fixed build.
Vendor Resources
Veeam KB ID 4424 (includes links to fixed build versions)