March 23, 2023 By Sergiu Gatlan
Cross-platform exploit code is now available for a high-severity Backup Service vulnerability impacting Veeam's Backup & Replication (VBR) software.
The flaw (CVE-2023-27532) affects all VBR versions and can be exploited by unauthenticated attackers to breach backup infrastructure after stealing cleartext credentials and gaining remote code execution as SYSTEM.
Veeam released security updates to address this vulnerability for VBR V11 and V12 on March 7, advising customers using older releases to upgrade to secure vulnerable devices running unsupported releases.
"We have developed patches for V11 and V12 to mitigate this vulnerability and we recommend you update your installations immediately," the company warned.
