Veeam Software has patched CVE-2023-27532, a high-severity security hole in its widely-used Veeam Backup & Replication solution, and is urging customers to implement the fix as soon as possible.

The nature of CVE-2023-27532 has not been explained – Veeam only says that “the vulnerable process, (TCP 9401 by default), allows an unauthenticated user to request encrypted credentials.” Obtaining encrypted credentials might ultimately allow attackers to gain access to the backup infrastructure hosts, the company noted.

The email sent by the company to users notifying them of the flaw and the need to patch also did not offer much insight, but noted that “if you use an all-in-one Veeam appliance with no remote backup infrastructure components, you can also block external connections to port TCP 9401 in the backup server firewall as a temporary remediation until the patch is installed.”

The email created some confusion with customers, because it was sent out before the knowledge base documents pointing to the patches / security updates were published, making some wonder whether it was a well-crafted phishing email aimed at tricking them into downloading malware. The company also added to the confusion and doubt by initially listing the wrong CVE number for the flaw.
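One way to apply the temporary remediation quoted from Veeam's email on a Windows backup server, as an added example that is not Veeam's own tooling. It assumes the default port TCP 9401 and Windows Defender Firewall; the rule name is a constructed label, and the pre-check for remote peers reflects the "no remote backup infrastructure components" condition.

```powershell
#Requires -RunAsAdministrator
# Added example: port 9401 comes from the advisory text; the rule name is a constructed label.
$Port     = 9401
$RuleName = 'TEMP - Block inbound TCP 9401 (CVE-2023-27532)'

# 1. Confirm something is actually listening on the port on this host.
$listener = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
if (-not $listener) {
    Write-Warning "Nothing is listening on TCP $Port on this host; no rule added."
    return
}
$listener | Select-Object LocalAddress, LocalPort, OwningProcess -Unique | Format-Table

# 2. The workaround only fits all-in-one servers. Established sessions from
#    other hosts suggest remote components that the block would cut off.
$local = @('127.0.0.1', '::1') + (Get-NetIPAddress).IPAddress
$remotePeers = Get-NetTCPConnection -LocalPort $Port -State Established -ErrorAction SilentlyContinue |
    Where-Object { $_.RemoteAddress -notin $local } |
    Select-Object -ExpandProperty RemoteAddress -Unique

if ($remotePeers) {
    Write-Warning "Remote hosts currently connected to TCP ${Port}: $($remotePeers -join ', ')"
    Write-Warning 'Review these before blocking; no rule added.'
    return
}

# 3. Add the temporary inbound block once (safe to re-run), then show it.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort $Port -Action Block -Profile Any | Out-Null
}
Get-NetFirewallRule -DisplayName $RuleName |
    Select-Object DisplayName, Enabled, Direction, Action

# After the patch is installed, remove the workaround:
#   Remove-NetFirewallRule -DisplayName $RuleName
```

The established-connection check is a point-in-time snapshot, so an idle remote component will not show up in it. The rule is a stopgap until the patch is installed, not a replacement for it.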