July 12, 2024 at 08:15AM
Ransomware groups have been exploiting a year-old vulnerability in Veeam Backup & Replication, tracked as CVE-2023-27532 with a CVSS score of 7.5. Exploitation allows extraction of both encrypted and cleartext credentials, leading to data exfiltration and unauthorized access. The patched versions, 12 and 11a, address the vulnerability, and organizations should update.
Multiple ransomware groups have been exploiting a year-old vulnerability in Veeam Backup & Replication. The vulnerability is tracked as CVE-2023-27532 with a CVSS score of 7.5. Proof-of-concept (PoC) code targeting it was published, and the first exploitation of unpatched instances was seen in April 2023.
Several organizations, such as Veeam, Horizon3.ai, CISA, Group-IB, and BlackBerry, have reported on different instances of exploitation, indicating the severity and widespread nature of the issue. Exploitation of the vulnerability has led to data exfiltration, creation of rogue user accounts, deployment of additional tools, and compromise of sensitive data.
Organizations should be aware of the vulnerability's impact and install the necessary patches. Veeam Backup & Replication versions 12 and later, as well as version 11a and later, address CVE-2023-27532. Organizations should promptly install these versions on their Veeam Backup & Replication servers to mitigate the risk of exploitation.