CVE-2023-27532

high

Description

Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.

References

https://news.sophos.com/en-us/2025/04/01/sophos-mdr-tracks-ongoing-campaign-by-qilin-affiliates-targeting-screenconnect/

https://www.security.com/threat-intelligence/ransomhub-betruger-backdoor

https://www.helpnetsecurity.com/2025/03/20/ransomhub-affiliate-leverages-multi-function-betruger-backdoor/

https://www.bleepingcomputer.com/news/security/critical-veeam-rce-bug-now-used-in-frag-ransomware-attacks/

https://thehackernews.com/2024/10/ransomware-gangs-use-lockbits-fame-to.html

https://blog.talosintelligence.com/akira-ransomware-continues-to-evolve/

https://therecord.media/veam-vulnerability-exploited-ransomware-cisa-kev

https://www.bleepingcomputer.com/news/security/akira-and-fog-ransomware-now-exploiting-critical-veeam-rce-flaw/

https://www.welivesecurity.com/en/eset-research/cosmicbeetle-steps-up-probation-period-ransomhub

https://thehackernews.com/2024/09/cosmicbeetle-deploys-custom-scransom.html

https://www.securityweek.com/year-old-veeam-vulnerability-exploited-in-fresh-ransomware-attacks/

https://blogs.blackberry.com/en/2024/07/akira-ransomware-targets-the-latam-airline-industry

https://www.group-ib.com/blog/estate-ransomware/

https://thehackernews.com/2024/07/new-ransomware-group-exploiting-veeam.html

https://news.sophos.com/en-us/2023/12/21/akira-again-the-ransomware-that-keeps-on-taking/

https://thehackernews.com/2023/12/behind-scenes-of-matveevs-ransomware.html

https://www.veeam.com/kb4424

Details

Source: Mitre, NVD

Published: 2023-03-10

Updated: 2025-03-13

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N