CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Sep 12, 2023
Description
Veeam Backup & Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts.
EPSS — Exploit Probability
82.4%
Higher than 99.2% of all CVEs
Required Action
https://www.veeam.com/kb4424; https://nvd.nist.gov/vuln/detail/CVE-2023-27532
Risk Assessment
CRITICALIn CISA KEV
High EPSS
Ransomware
Details
- Severity
- High
- EPSS
- 82.4%
- CISA KEV
- Yes
- Ransomware
- Known
- Articles
- 0
Timeline
Published
Aug 22, 2023
Added to KEV
Aug 22, 2023
Remediation Due
Sep 12, 2023