CISA Alert: CVE-2023-27532 & CVE-2023-38035 Vulnerabilities Being Exploited in Attacks

CVE-2023-27532 & CVE-2024-37383

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical vulnerabilities impacting Veeam Backup & Replication and Ivanti Sentry software to its Known Exploited Vulnerabilities (KEV) Catalog. CISA is warning federal civilian executive branch (FCEB) agencies that these vulnerabilities are being actively exploited in the wild, and that they must apply the patches by September 12, 2023, to secure their networks against possible cyber attacks.

The first vulnerability, tracked as CVE-2023-27532, is an information disclosure vulnerability in Veeam Backup & Replication. This vulnerability allows an unauthenticated attacker who is operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. These credentials could then be used to gain access to the backup infrastructure hosts.

Vulnerability CVE-2023-27532 in a Veeam Backup & Replication component allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database,” Veeam noted in an advisory published in March 2022.

The second vulnerability, tracked as CVE-2023-38035, is an authentication bypass vulnerability in Ivanti Sentry. This vulnerability allows an unauthenticated attacker to access sensitive APIs that are used to configure the Ivanti Sentry on the administrator portal. Successful exploitation of this vulnerability could allow the attacker to change configuration, run system commands, or write files onto the system.

CISA is urging FCEB agencies to immediately apply the patches for these vulnerabilities. The patches for Veeam Backup & Replication are available in build 12.0.0.1420 P20230223 and build 11.0.1.1261 P20230227. The patch for Ivanti Sentry is available in version 9.19.

In addition to applying the patches, FCEB agencies should take the following steps to protect their networks from these vulnerabilities:

  • Restrict access to the backup infrastructure network perimeter to authorized personnel only.
  • Use strong passwords and two-factor authentication for all accounts that have access to the backup infrastructure.
  • Monitor your networks for signs of malicious activity.

By taking these steps, FCEB agencies can help to protect their networks from these critical vulnerabilities.

In addition to the steps outlined by CISA, organizations that use Veeam Backup & Replication or Ivanti Sentry should also consider the following:

  • Implement a vulnerability management program to scan for and patch known vulnerabilities on a regular basis.
  • Use a security information and event management (SIEM) system to monitor suspicious activity.
  • Educate employees about cybersecurity best practices.

By taking these steps, organizations can help to protect themselves from a wide range of cyber threats, including those posed by the vulnerabilities affecting Veeam Backup & Replication and Ivanti Sentry.