MCNC Logo
Our hearts go out to everyone affected by Hurricane Helene. Our team has been working endlessly to make sure these communities in Western North Carolina have the resources they need during this challenging time. If you're looking to help out those in need, there are many ways to do so. We have included those options here: Hurricane Helene
03.09.2023

Veeam Backup & Replication vulnerability

Alert
  • facebook share link
  • twitter share link
  • linkedin share link
  • mail share link

Date of Notice: 03/09/2023

Action Level - High

Description

Veeam has disclosed a high severity vulnerability in their Backup & Replication component. If exploited, it could allow an unauthenticated attacker to obtain encrypted credentials and potentially gain access to backup infrastructure hosts.

Affected Versions

  • Veeam Backup & Replication 12 - builds prior to 12.0.0.1420 P20230223
  • Veeam Backup & Replication 11a and earlier - builds prior to 11.0.1.1261 P20230227

Attack Vector

An attacker with network or local access to the Veeam Backup & Replication server. 

Attack Feasibility 

There are currently no known exploits for this vulnerability

Mitigation

If you use an all-in-one Veeam appliance with no remote backup components, blocking external access to the appliance on TCP 9401 may temporarily mitigate the exploit.

Remediation

Update to a fixed build.

Vendor Resources

Veeam KB ID 4424 (includes links to fixed build versions)

MCNC
PO Box 12889
3021 East Cornwallis Road
RTP, NC 27709-2889
919-248-1900 Phone | 919-248-1101 Fax
Connect With Us
  • linkedin
  • instagram
  • x
  • facebook
  • youtube
© 2024 MCNC