CVE-2023-27532
Published Mar 10, 2023
Last updated 6 months ago
AI description
CVE-2023-27532 is a vulnerability in Veeam Backup & Replication that allows an unauthenticated attacker within the backup infrastructure network to obtain encrypted credentials stored in the configuration database. The vulnerability affects the Veeam.Backup.Service.exe process, which by default uses TCP port 9401. Successful exploitation of CVE-2023-27532 can lead to an attacker gaining access to the backup infrastructure hosts. A proof-of-concept (PoC) exploit has been released that allows a remote, unauthenticated threat actor with access to the VBR service to obtain plaintext usernames and passwords, potentially leading to privilege elevation and remote code execution.
- Description
- Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.
- Source
- support@hackerone.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Veeam Backup & Replication Cloud Connect Missing Authentication for Critical Function Vulnerability
- Exploit added on
- Aug 22, 2023
- Exploit action due
- Sep 12, 2023
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
20
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d): - CVE-2021-26857 (Exchange On-Pre..) +210.76% - CVE-2022-26500 (Veeam Backup & ..) +24.70% - CVE-2015-2291 (IQVW32.sys (BYO..) +22.80% - CVE-2023-27532 (Veeam Backup & ..) +17.62% - CVE-2021-27876 (Verit
@DefusedCyber
22 Sept 2025
10416 Impressions
13 Retweets
89 Likes
63 Bookmarks
1 Reply
1 Quote
New IOC Alert → From SharePoint Vulnerability Exploit to Enterprise Ransomware. ■ Adversary: Warlock ■ Indicator: CVE-2023-27532
@CTI131
20 Aug 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2023-27532
@transilienceai
19 Jun 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Estensioni VSCode e backdoor Betruger RansomHub facilitano i ransomware Sicurezza Informatica, ahban.shiba, backdoor modulare, Betruger, CVE-2023-27532, cybercrime, estensioni malevole, RansomHub, Ransomware, ReversingLabs, supply chain attack, VSCode https://t.co/MJr5n6KdKA http
@matricedigitale
21 Mar 2025
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
履歴書を餌としたTA4557/FIN6によるフィッシング事例。The DFIR Report報告。ie4uinit.exeやmsxsl.exe等のLOLBin(現地調達型攻撃に使えるバイナリ)を用いてmore_eggsマルウェアを実行。CVE-2023-27532でVeeamサーバを攻撃。CloudflaredをインストールしRDPをトンネリング。 https://t.co/RPvWeF6Nog
@__kokumoto
2 Dec 2024
405 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
#Akira #Ransomware DLS is online again. hxxps://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/ Their favorite vulnerabilities used in different breaches are: CVE-2023-27532, CVE-2024-37085 https://t.co/ep1WtMrFtF
@ShanHolo
11 Nov 2024
541 Impressions
4 Retweets
10 Likes
2 Bookmarks
0 Replies
0 Quotes
#Vulnerability #CVE202327532 Ransomware Groups Exploit Veeam Flaw CVE-2023-27532 in Nigerian Cyber Infrastructure https://t.co/f8ktLVN2bs
@Komodosec
27 Oct 2024
41 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
1 Quote
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veeam:veeam_backup_\\&_replication:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FCD9FAE2-4E62-41AC-85EC-5793FD30A3AD",
"versionEndExcluding": "11.0.1.1261"
},
{
"criteria": "cpe:2.3:a:veeam:veeam_backup_\\&_replication:11.0.1.1261:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EC28D606-0A9B-46E5-A88C-8041357979DB"
},
{
"criteria": "cpe:2.3:a:veeam:veeam_backup_\\&_replication:11.0.1.1261:p20211123:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8158D6BC-2041-4600-B935-AD928621D987"
},
{
"criteria": "cpe:2.3:a:veeam:veeam_backup_\\&_replication:11.0.1.1261:p20211211:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "54A5147A-341A-4790-AAA8-DF2648423C50"
},
{
"criteria": "cpe:2.3:a:veeam:veeam_backup_\\&_replication:11.0.1.1261:p20220302:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0F5A2E58-F9C3-4A65-A83B-C86C970A01D2"
},
{
"criteria": "cpe:2.3:a:veeam:veeam_backup_\\&_replication:12.0.0.1420:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA570EC1-4A95-4AD3-8E8C-087769F95F02"
}
],
"operator": "OR"
}
]
}
]