On Thursday, March 9th, Veeam released a patch for a high severity security vulnerability with the identifier CVE-2023-27532. This vulnerability has a CVSS score of 7.5 and may allow unauthenticated users to obtain encrypted credentials and could lead to them gaining access to backup infrastructure hosts.
7.5/10
A CVSS score is rated on a scale of 1-10 with 1 being “eh, whatever” and 10 being “turn off the internet”. So what does this mean for you?
A 7.5 REQUIRES attention!
Veeam Backup and Replication versions 11 and 12 are impacted and should be patched as soon as reasonably possible without impacting production workloads. If your Veeam software has not been updated in the last several months, multiple updates may need to be done before this fix can be implemented. You can access the patches and instructions here.
If you are already a Vista managed backup client, no action is required on your part at this time. The Vista services team already has plans in place and action on remediation is in progress.
If you are not a managed client and would like assistance, please reach out to Vista as soon as possible – we’d be glad to help. Contact Us Today!
