Veeam Patches High-Severity Vulnerability as Exploitation of Previous Flaw Expands
Zero-day vulnerability exploited in the wild
Veeam has released a patch for a high-severity vulnerability (CVE-2023-23573) in its Backup & Replication software that allows remote attackers to execute arbitrary code on vulnerable systems. The vulnerability, disclosed on August 10, 2023, is a privilege escalation flaw that could allow attackers to gain SYSTEM privileges on affected systems.
Veeam has also confirmed that the vulnerability has been exploited in the wild, and has urged customers to patch their systems as soon as possible.
What is the vulnerability?
The vulnerability stems from the way Veeam Backup & Replication handles permissions on certain files and directories. An attacker could exploit it by tricking a Veeam Backup & Replication user into opening a specially crafted file or folder, which could then allow the attacker to execute arbitrary code on the affected system.
Who is affected by the vulnerability?
The vulnerability affects all versions of Veeam Backup & Replication prior to version 11.0.1.3209.
What should you do?
Veeam has released a patch for the vulnerability, which can be downloaded from the Veeam website. Customers are urged to patch their systems as soon as possible.
In addition to patching, customers can also take the following steps to mitigate the risk of exploitation:
- Disable the Veeam Backup & Replication service if it is not needed.
- Restrict access to the Veeam Backup & Replication server to only authorized users.
- Use a firewall to block unauthorized access to the Veeam Backup & Replication server.
- Keep your software up to date, including the latest security patches.
- Use strong passwords and two-factor authentication to protect your accounts.
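The following PowerShell script is an added example, not code from Veeam or from its advisory. It puts the patch check and two of the mitigation steps above (disabling the service when it is not needed, and restricting network access to the server) into a form an administrator can run on the Backup & Replication server. It assumes that the product registers itself in the Windows Uninstall registry keys with a DisplayName beginning "Veeam Backup & Replication", that the Windows service is named VeeamBackupSvc, and that the listening port and management subnet are placeholders to be replaced with your own values; none of those details come from the article.

```powershell
# Added example (not from the Veeam advisory or the article above).
# Run as an administrator on the Veeam Backup & Replication server.
# Assumptions, labelled as such:
#   - the product's Uninstall DisplayName begins with 'Veeam Backup & Replication'
#   - the Windows service name is 'VeeamBackupSvc'
#   - $ManagementCidr and $ConsolePort are placeholders for your environment
[CmdletBinding()]
param(
    [version]$PatchedVersion = [version]'11.0.1.3209',   # fixed build from the article
    [string]$ServiceName     = 'VeeamBackupSvc',         # assumption
    [string]$ManagementCidr  = '10.0.0.0/24',            # placeholder: your admin subnet
    [int]$ConsolePort        = 9392,                     # placeholder: the port the console uses
    [switch]$DisableService                              # only when the service is not needed
)

function Get-VeeamInstalledVersion {
    # Look up the installed build in both Uninstall hives (64-bit and WOW6432Node).
    $hives = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    $entry = Get-ChildItem -Path $hives -ErrorAction SilentlyContinue |
        ForEach-Object { Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue } |
        Where-Object { $_.DisplayName -like 'Veeam Backup & Replication*' -and $_.DisplayVersion } |
        Select-Object -First 1
    if (-not $entry) { return $null }
    try { return [version]$entry.DisplayVersion } catch { return $null }
}

function Test-VeeamPatched {
    param([version]$Installed, [version]$Patched)
    # True when the installed build is at or above the fixed build named in the article.
    return ($null -ne $Installed) -and ($Installed -ge $Patched)
}

function Limit-VeeamInbound {
    param([int]$Port, [string]$Cidr)
    # Allow the console port only from the management subnet. Windows Firewall allow
    # rules are additive, so any other enabled inbound allow rule for the same port
    # still lets traffic in; those rules are returned so they can be reviewed by hand.
    $name = 'Veeam B&R - allow console from management subnet only'
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol TCP `
            -LocalPort $Port -RemoteAddress $Cidr -Action Allow -Profile Any | Out-Null
    }
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        Where-Object { $_.DisplayName -ne $name } |
        Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains "$Port" }
}

$installed = Get-VeeamInstalledVersion
if (-not $installed) {
    Write-Warning 'Veeam Backup & Replication was not found in the Uninstall registry keys.'
} elseif (Test-VeeamPatched -Installed $installed -Patched $PatchedVersion) {
    Write-Host "Installed build $installed is at or above $($PatchedVersion): patched."
} else {
    Write-Warning "Installed build $installed is below $($PatchedVersion): apply the Veeam patch."
    if ($DisableService) {
        # Mitigation from the article: stop and disable the service when it is not needed.
        Stop-Service -Name $ServiceName -Force -ErrorAction Stop
        Set-Service  -Name $ServiceName -StartupType Disabled
        Write-Host "Service $ServiceName stopped and disabled."
    }
}

# Mitigation from the article: restrict network access to the server.
$extra = Limit-VeeamInbound -Port $ConsolePort -Cidr $ManagementCidr
if ($extra) {
    Write-Warning "Other enabled inbound allow rules cover TCP $ConsolePort; review them:"
    $extra | Select-Object DisplayName, Profile | Format-Table -AutoSize
}
```

Run it once without -DisableService to see the patch status and the list of overlapping firewall rules; add -DisableService only on servers where the backup service is genuinely not in use, since stopping it halts scheduled backup jobs. The version comparison uses the fixed build the article names, so it reports "patched" only for builds at or above 11.0.1.3209.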
For more information, please refer to Veeam's security advisory: https://www.veeam.com/security-advisory-veeam-backup-replication-high-severity-vulnerability-cve-2023-23573.html