CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Sep 12, 2023
High
CISA KEVRansomwareCVE-2023-27532
Veeam—Backup & Replication
Veeam Backup & Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts.
Required Action
https://www.veeam.com/kb4424; https://nvd.nist.gov/vuln/detail/CVE-2023-27532
Vulnerability Overview
- Severity
- High
- CISA KEV
- Yes
- Ransomware
- Known
- Published
- Aug 22, 2023
- KEV Added
- Aug 22, 2023
- Due Date
- Sep 12, 2023
- Related Articles
- 0
Vendor
Veeam
Backup & Replication