CVE-2023-27532

Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may...

Basic Information

CVE State: PUBLISHED
Reserved Date: March 02, 2023
Published Date: March 10, 2023
Last Updated: January 28, 2025
Vendor: n/a
Product: Veeam Backup & Replication
Description: Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.

CVSS Scores

CVSS v3.1

7.5 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (added 2023-08-22 00:00:00 UTC) Source
Proof of Concept Available: Yes (added 2023-03-18 16:20:53 UTC) Source
Used in Malware: Yes (added 2023-08-22 00:00:00 UTC) Source

References

https://www.veeam.com/kb4424

Known Exploited Vulnerability Information

Source	Added Date
CISA	2023-08-22 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

sfewer-r7/CVE-2023-27532

Type: github • Created: 2023-03-23 16:08:43 UTC • Stars: 110

Exploit for CVE-2023-27532 against Veeam Backup & Replication

horizon3ai/CVE-2023-27532

Type: github • Created: 2023-03-18 16:20:53 UTC • Stars: 63

POC for Veeam Backup and Replication CVE-2023-27532