Lucene search

K
cveHackeroneCVE-2023-27532
HistoryMar 10, 2023 - 10:15 p.m.

CVE-2023-27532

2023-03-1022:15:10
CWE-306
hackerone
web.nvd.nist.gov
442
In Wild
2
23
cve-2023-27532
veeam
backup & replication
vulnerability
configuration database
encrypted credentials
access
backup infrastructure hosts
nvd

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.031

Percentile

91.2%

Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.

Affected configurations

Nvd
Vulners
Node
veeamveeam_backup_\&_replicationMatch11.0.1.1261
OR
veeamveeam_backup_\&_replicationMatch11.0.1.1261-
OR
veeamveeam_backup_\&_replicationMatch11.0.1.1261p20211123
OR
veeamveeam_backup_\&_replicationMatch11.0.1.1261p20211211
OR
veeamveeam_backup_\&_replicationMatch11.0.1.1261p20220302
OR
veeamveeam_backup_\&_replicationMatch12.0.0.1420-
VendorProductVersionCPE
veeamveeam_backup_\&_replication11.0.1.1261cpe:2.3:a:veeam:veeam_backup_\&_replication:11.0.1.1261:*:*:*:*:*:*:*
veeamveeam_backup_\&_replication11.0.1.1261cpe:2.3:a:veeam:veeam_backup_\&_replication:11.0.1.1261:-:*:*:*:*:*:*
veeamveeam_backup_\&_replication11.0.1.1261cpe:2.3:a:veeam:veeam_backup_\&_replication:11.0.1.1261:p20211123:*:*:*:*:*:*
veeamveeam_backup_\&_replication11.0.1.1261cpe:2.3:a:veeam:veeam_backup_\&_replication:11.0.1.1261:p20211211:*:*:*:*:*:*
veeamveeam_backup_\&_replication11.0.1.1261cpe:2.3:a:veeam:veeam_backup_\&_replication:11.0.1.1261:p20220302:*:*:*:*:*:*
veeamveeam_backup_\&_replication12.0.0.1420cpe:2.3:a:veeam:veeam_backup_\&_replication:12.0.0.1420:-:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Veeam Backup & Replication",
    "versions": [
      {
        "version": "Fixed Versions: v12 (build 12.0.0.1420 P20230223)",
        "status": "affected"
      },
      {
        "version": "11a (build 11.0.1.1261 P20230227)",
        "status": "affected"
      }
    ]
  }
]

Social References

More

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.031

Percentile

91.2%