Vulnerability in this Veeam Backup & Replication component allows unauthorized users to obtain encrypted credentials stored in the configuration database. The vulnerability may lead to these unauthorized users gaining access to backup infrastructure hosts. The vulnerable process Veeam.Backup.Service.exe (TCP 9401 by default) allows unauthenticated users to request encrypted credentials.
Veeam released new patches to fix this vulnerability on March 7, 2023. No Hosts restart is required after installing this patch.
The detailed information is as the link.
1. Log in to the Veeam server.
2. Download Veeam Backup & Replication 12 cumulative patch P20230223 installation package from the above link. (You need to sign in).
3. Open Veeam Backup & Replication console.
4. Click Connect on the Veeam Backup & Replication 12 page.
5. Enter the MFA Confirmation code and click Confirm.
6. Verify the existing Veeam Backup &Replication version from Veeam Backup & Replication console (Help |Abut). Please confirm you are running Veeam Backup &Replication build 12.0.0.1420 before installing this cumulative patch P20230223.
7. Ensure all jobs are successful, disable them, and close the console.
8. Exact the VeeamBackup&Replication_12.0.0.1420_20230223.zip file, run VeeamBackup&Replication_12.0.0.1420_20230223.exe.
9. Click Yes on the User Account Control page.
10. On the Welcome to cumulative patch P20230223 for Veeam Backup & Replication 12 Installation Wizard page and click Next.
11. Click Install on the Ready to Install page.
12. Click Finish on the Cumulative Patch P20230223 for Veeam Backup & Replication 12 has been Installed successfully page.
13. Open Veeam Backup & Replication console.
14. Click Connect on the Veeam Backup & Replication 12 page.
15. Enter the MFA Confirmation code and click Confirm.
16. Select all servers on the Components Update page, and click Apply.
17. On the Update page, ensure all components have been upgraded for all servers and click Finish.
18. . Verify the Veeam Backup &Replication version from Veeam Backup & Replication console (Help |Abut) and ensure the build version is 12.0.0.1420 P20230223.
19. Right-click all jobs, and unselect Disable to enable all jobs.
I hope you enjoy this post.
Cary Sun
Twitter: @SifuSun
Web Site: carysun.com
Blog Site: checkyourlogs.net
Blog Site: gooddealmart.com