Vulnerability in Veeam backup software allows hackers to delete backups

by time news

Veeam is a huge provider of backup services: it has more than 450,000 customers worldwide, including 81% of the Fortune 500 and 70% of the Global 2000. This makes it an attractive target. The company, a provider of data protection and disaster recovery software, has issued a warning to its customers, advising them to update their software now that it has patched a vulnerability that allows an unauthenticated user to request encrypted credentials. The CVSS rating for the vulnerability is 7.5, which may seem like an unexpectedly low score.

The score may be explained by the fact that, although the vulnerability sounds concerning, users who have their Veeam environments set up correctly, such as being on an isolated network/subnet and having a properly configured firewall, should only have the port in question open to other Veeam servers.

Veeam has made a patch available to address the security flaw, and it needs to be installed on the Veeam Backup & Replication server. If you are using an older version of the software, upgrade to a supported version of Veeam Backup & Replication before proceeding. The component that can be exploited is the Veeam.Backup.Service.exe process, which listens on TCP port 9401 by default. If you are using a Veeam All-in-One appliance that does not include any remote backup infrastructure components, a workaround is available until the patch is installed: block external connections to TCP port 9401 on the backup server's firewall. Threat actors will no doubt try to reverse engineer the patch in the near future to determine how to exploit the vulnerability.
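The firewall workaround described above, as an added example that is not from Veeam or the original article: a PowerShell sketch that checks what is listening on TCP 9401, lists current remote peers, and adds an inbound block rule. It assumes an all-in-one Windows backup server with no remote Veeam components and the built-in NetTCPIP and NetSecurity modules; the rule name is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: audit and block TCP 9401 on an all-in-one Veeam backup server.
# Assumption: no remote Veeam components (proxies, repositories) need this port.
$Port     = 9401
$RuleName = 'Block inbound TCP 9401 (Veeam workaround)'   # hypothetical rule name

# 1. Confirm which process is listening on the port.
$listeners = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
if (-not $listeners) { Write-Warning "Nothing is listening on TCP $Port on this host." }
foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    '{0}:{1} is owned by {2} (PID {3})' -f $l.LocalAddress, $l.LocalPort, $proc.ProcessName, $l.OwningProcess
}

# 2. List non-loopback peers connected right now. Any address here is a host
#    that will lose access once the block rule exists, so review it first.
$peers = Get-NetTCPConnection -LocalPort $Port -State Established -ErrorAction SilentlyContinue |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
    Select-Object -ExpandProperty RemoteAddress -Unique
if ($peers) { Write-Warning "Current remote peers on TCP ${Port}: $($peers -join ', ')" }

# 3. Add the inbound block rule once (safe to re-run).
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort $Port -Action Block -Profile Any | Out-Null
}

# 4. Show the rule so its state can be recorded in the change ticket.
Get-NetFirewallRule -DisplayName $RuleName |
    Select-Object DisplayName, Enabled, Direction, Action, Profile
```

From another host, `Test-NetConnection -ComputerName <backup-server> -Port 9401` should then report `TcpTestSucceeded : False`.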

Backup software is a common target. The Veeam vulnerability advisory came days after CISA issued a warning about attackers using ConnectWise server backup software in the wild. Essentially, attackers moved from backup systems back into live environments, from where they could steal sensitive data or spread malware at will.
