CVE-2023-27532

HIGHCISA KEV

7.5

Description

Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.

CVE Details

CVSS v3.1 Score7.5

SeverityHIGH

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published3/10/2023

Last Modified11/3/2025

Sourcekev

Honeypot Sightings0

CISA KEV

VendorVeeam

ProductBackup & Replication

Vulnerability NameVeeam Backup & Replication Cloud Connect Missing Authentication for Critical Function Vulnerability

KEV Date Added2023-08-22

Remediation Due Date2023-09-12

Ransomware UseKnown

Affected Products

veeam:veeam_backup_\&_replication

Weaknesses (CWE)

CWE-306CWE-306

References

https://www.veeam.com/kb4424(support@hackerone.com)

https://www.veeam.com/kb4424(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27532(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.