Ransomware Gang Exploits Veeam Software Vulnerability
Veeam Software users are being urged to patch a critical vulnerability that could allow ransomware gangs to encrypt their backups.
The vulnerability, tracked as CVE-2023-2089, exists in Veeam Backup & Replication software versions 9.5 Update 4 and earlier, 10, and 11.
A successful exploit could allow an attacker to gain remote code execution (RCE) on a vulnerable system, which could then be used to deploy ransomware or other malware.
Veeam has released a patch for the vulnerability, and users are strongly advised to apply it as soon as possible.
In a statement, Veeam said: "We are aware of a critical vulnerability in Veeam Backup & Replication software versions 9.5 Update 4 and earlier, 10, and 11. This vulnerability could allow an attacker to gain remote code execution on a vulnerable system."
"We have released a patch for the vulnerability, and we strongly advise users to apply it as soon as possible."
The vulnerability was discovered by researchers at Tenable, who said in a blog post that it could be exploited by sending a specially crafted request to a vulnerable system.
"The vulnerability exists in the way that Veeam Backup & Replication handles certain API requests," Tenable said.
"An attacker could exploit this vulnerability by sending a specially crafted request to a vulnerable system. This could allow the attacker to gain remote code execution on the system."
Tenable has also released a proof-of-concept exploit that demonstrates the issue.
Users who cannot patch immediately should reduce the risk of exploitation in the meantime, for example by disabling remote access to the vulnerable system and blocking network access to the affected API until the patch can be applied.
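What "blocking access to the affected API" looks like on a Windows backup server, as an added example that is not part of the original article and is not Veeam's or Tenable's guidance: the port number of the affected service is a placeholder (the article does not name it; take it from Veeam's advisory), and the management subnet is a constructed sample value.

```powershell
# Added example (not from the article, Veeam or Tenable): restrict inbound access to
# the backup server's network service so only a management subnet can reach it.
# ASSUMPTIONS: the affected service listens on TCP port $VeeamServicePort (PLACEHOLDER,
# replace with the port given in Veeam's advisory) and administrators connect from
# $ManagementSubnet (constructed sample value).
$VeeamServicePort = 0                 # PLACEHOLDER: port of the affected API/service
$ManagementSubnet = '10.10.0.0/24'    # constructed sample: your admin subnet

# Weak setting to remove: an existing rule that opens the service to any source address.
# Example (name is hypothetical): disable it rather than leaving it alongside the new rule.
# Get-NetFirewallRule -DisplayName 'Veeam service (any source)' | Disable-NetFirewallRule

# 1. Deny inbound traffic unless a rule explicitly allows it (the Windows default, enforced here).
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block

# 2. Allow the service only from the management subnet. Windows Firewall lets explicit
#    Block rules win over Allow rules, so scoping the Allow rule (instead of adding a
#    broad Block rule) is what keeps the admin subnet reachable.
New-NetFirewallRule -DisplayName 'Veeam service - management subnet only' `
    -Direction Inbound -Protocol TCP -LocalPort $VeeamServicePort `
    -RemoteAddress $ManagementSubnet -Action Allow -Profile Any

# 3. Verify: list every enabled inbound Allow rule for that port with its remote scope,
#    so any rule still open to 'Any' stands out.
Get-NetFirewallPortFilter |
    Where-Object { $_.LocalPort -eq "$VeeamServicePort" } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
    ForEach-Object {
        $addr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        [pscustomobject]@{ Rule = $_.DisplayName; RemoteAddress = ($addr -join ',') }
    }
```

Run it from an elevated PowerShell session on the backup server. The verification step is the part worth keeping after patching: a rule that still shows `RemoteAddress = Any` for the service port means the "disable remote access" mitigation is not actually in effect.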
More information about the vulnerability and the patch is available on Veeam's website.