burakcansari
Novice
Posts: 3
Liked: never
Joined: Mar 09, 2023 8:47 am

About Vulnerability CVE-2023-27532

Post by burakcansari »

Hello All,

I am using ESXi 6.7 U3 and Veeam 9.5 U4B. What should I do within the scope of Vulnerability CVE-2023-27532? Do my licenses support new versions?

Thanks.
Mildur
Product Manager
Posts: 10110
Liked: 2696 times
Joined: May 13, 2017 4:51 pm
Full Name: Fabian K.
Location: Switzerland

Re: About Vulnerability CVE-2023-27532

Post by Mildur » 1 person likes this post

Hello

V9.5 has been end of life for approximately two years.
If you have an active maintenance contract on your license, you can update.

Upgrade path will be:
Veeam 9.5 U4B (build 9.5.4.2866) to V11a (11.0.1.1261 P20230227) with the V11a ISO.
When you are on V11a, you can decide if you want to upgrade to V12.

Workaround without updating: If you use an All-In-One Server (no additional machines with Veeam components installed), you can block all incoming connections to port TCP 9401.

Best,
Fabian
Product Management Analyst @ Veeam Software
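
The workaround described in the post above, sketched as an added PowerShell example (not part of the original thread and not Veeam's own script). It assumes the backup server uses Windows Defender Firewall as its host firewall; the rule name is made up for this example.

```powershell
#Requires -RunAsAdministrator
# Added example, not Veeam's script. Assumes Windows Defender Firewall is the
# host firewall; the rule name is a label made up for this example.
$Port     = 9401
$RuleName = 'Block inbound TCP 9401 (all-in-one workaround)'

# 1. Report what listens on the port, so the rule targets a real service.
$listeners = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
if (-not $listeners) { Write-Warning "Nothing is listening on TCP $Port on this host." }
foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    Write-Host ("Listener {0}:{1} PID {2} ({3})" -f $l.LocalAddress, $Port, $l.OwningProcess, $proc.ProcessName)
}

# 2. The workaround only fits an all-in-one server. Sessions from addresses that
#    are not this host's own suggest other machines use the port, so stop.
#    This is a point-in-time view; components that connect only during jobs
#    will not appear unless a job is running.
$ownAddresses = (Get-NetIPAddress).IPAddress
$remote = Get-NetTCPConnection -LocalPort $Port -State Established -ErrorAction SilentlyContinue |
    Where-Object { $_.RemoteAddress -notin $ownAddresses }
if ($remote) {
    $remote | Select-Object RemoteAddress, RemotePort | Format-Table -AutoSize | Out-String | Write-Host
    throw "Other hosts are connected to TCP $Port; a block rule would cut them off."
}

# 3. Create the block rule once, for all firewall profiles.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort $Port -Action Block -Profile Any | Out-Null
}

# 4. Confirm the rule is active, and flag profiles where the firewall is off,
#    because a block rule is not enforced on a disabled profile.
Get-NetFirewallRule -DisplayName $RuleName |
    Select-Object DisplayName, Enabled, Direction, Action | Format-List
Get-NetFirewallProfile | Where-Object { $_.Enabled -eq 'False' } | ForEach-Object {
    Write-Warning "Windows Firewall is disabled for the $($_.Name) profile."
}
```

To confirm the result, run `Test-NetConnection -ComputerName <backup-server> -Port 9401` from another machine; `TcpTestSucceeded` should be `False`.
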

Re: About Vulnerability CVE-2023-27532

Post by burakcansari »

Hello,

If my license doesn't have an active maintenance contract, what else would you recommend? What should I do other than block all incoming connections to port TCP 9401?

Thanks for your kind response.

Best Regards.

Re: About Vulnerability CVE-2023-27532

Post by Mildur » 1 person likes this post

If you use the free version of Veeam Backup & Replication (limited to 10 workloads), you can update without an active maintenance contract.
If you have a commercial license (Socket) for Veeam 9.5, it must have active maintenance to let you upgrade to a new version.

The affected component is mandatory for restores. So without the capability to upgrade, you can only block the port for those All-In-One Servers. Your backup server version will, however, remain affected by much higher severity issues that we released patches for 1 year ago: https://www.veeam.com/kb4288

You should consider getting a license with active maintenance again if you use your backup server for production workloads. Talk to your Veeam sales reps or a reseller about what the options are with your current license.

Best,
Fabian
Product Management Analyst @ Veeam Software