ID:8932 - Exploit for Missing authentication for critical function in Backup & Replication - CVE-2023-27532

 

Published: March 24, 2023


Vulnerability identifier: #VU74001
Vulnerability risk: Medium
CVE-ID: CVE-2023-27532
CWE-ID: CWE-306
Exploitation vector: Remote access
Vulnerable software: Backup & Replication

Link to public exploit:


Vulnerability description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to missing authorization within Veeam.Backup.Service.exe. A remote attacker can connect to the affected service, which listens on port 9401/TCP, obtain encrypted credentials stored in the configuration database and use this information to access the backup infrastructure hosts.


Remediation

Install updates from the vendor's website.