CVE-2023-27532 is a high-severity vulnerability found in the Veeam Backup & Replication software. This flaw, discovered and disclosed in March 2023, allows unauthenticated attackers to breach backup infrastructure hosts, posing significant risk to small and midsize businesses (SMBs) that commonly use this software. The vulnerability was exploited soon after its disclosure, but it wasn't until August that it was added to the Known Exploited Vulnerabilities (KEV) list by the Cybersecurity and Infrastructure Security Agency (CISA). Caitlin Condon, head of vulnerability research at Rapid7, highlights the importance of not solely relying on the KEV list for vulnerability management programs due to such time lags.
Several cybercriminal groups have been observed exploiting this vulnerability. Notably, the Cuba ransomware group targeted a US critical infrastructure organization and an IT integrator in Latin America using CVE-2023-27532. Similarly, the CosmicBeetle group has been seen opportunistically targeting SMBs by scanning for and attempting to exploit this and other vulnerabilities, leading to smaller businesses making up the majority of their victims. The exploitation of CVE-2023-27532 indicates a shift in tactics by these groups, increasing the urgency for organizations to patch this vulnerability.
In June, another campaign leveraged both the Microsoft NetLogon protocol flaw (CVE-2020-1472) and the Veeam software vulnerability (CVE-2023-27532). This underscores the ongoing threat posed by CVE-2023-27532 and emphasizes the need for organizations to stay vigilant about their cybersecurity practices, promptly apply patches when available, and consistently monitor for potential exploits. The continued exploitation of this vulnerability demonstrates the importance of rapid response to disclosed vulnerabilities, particularly those with high severity ratings.
Description last updated: 2024-09-12T08:15:44.722Z