Veeam has released updates addressing four vulnerabilities in its Veeam ONE IT monitoring and analytics platform, two of which are rated critical.
Veeam Vulnerabilities: CVE-2023-38547, CVE-2023-38548, CVE-2023-38549, CVE-2023-41723
The identified vulnerabilities are:
- CVE-2023-38547 (CVSS score: 9.9): An unspecified flaw exploitable by an unauthenticated user to gain information about Veeam ONE’s SQL server connection, potentially leading to remote code execution on the SQL server.
- CVE-2023-38548 (CVSS score: 9.8): A flaw in Veeam ONE enabling an unprivileged user with access to the Veeam ONE Web Client to obtain the NTLM hash of the account used by the Veeam ONE Reporting Service.
- CVE-2023-38549 (CVSS score: 4.5): A cross-site scripting (XSS) vulnerability allowing a user with the Veeam ONE Power User role to obtain the access token of a user with the Veeam ONE Administrator role.
- CVE-2023-41723 (CVSS score: 4.3): A vulnerability permitting a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule.
Three of the vulnerabilities, CVE-2023-38547, CVE-2023-38549, and CVE-2023-41723, affect Veeam ONE versions 11, 11a, and 12, while CVE-2023-38548 affects only Veeam ONE 12. Fixes for these issues are available in the following versions:
- Veeam ONE 11 (11.0.0.1379)
- Veeam ONE 11a (11.0.1.1880)
- Veeam ONE 12 P20230314 (12.0.1.2591)
Users running the affected versions should act immediately. The recommended steps are to stop the Veeam ONE Monitoring and Reporting services, replace the existing files with those provided in the hotfix, and restart the two services.
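The version check and the update procedure above, automated as an added example (this is not Veeam's own tooling and not code from the page): the script reads the installed Veeam ONE build from the Windows registry, maps it to the fixed build listed for its branch, then stops the Monitoring and Reporting services, backs up and replaces the files from a staged hotfix folder, and restarts the services. The service display names, the registry lookup, and both folder paths are assumptions; take the real file list and paths from Veeam's KB article. Because the page describes the fix as a file replacement, the registry build only identifies the branch, so the script prints each replaced file's version before and after for comparison with the KB.

```powershell
#Requires -RunAsAdministrator
<#
  Added example, not Veeam's own tooling: identify the installed Veeam ONE
  branch, compare it with the fixed builds from the advisory, then apply the
  hotfix as the article describes (stop the Monitoring and Reporting services,
  replace files, restart). Assumed, not taken from the page: the service
  display names, the registry uninstall entries, and both folder paths.
#>
param(
    # Hotfix files extracted into a folder that mirrors the install tree (placeholder path).
    [string]$HotfixDir  = 'C:\Temp\VeeamONE-Hotfix',
    # Veeam ONE installation root (placeholder path; adjust to the real one).
    [string]$InstallDir = 'C:\Program Files\Veeam\Veeam ONE',
    # Dry run: report what would happen without stopping services or copying files.
    [switch]$DryRun
)

# Assumed Windows service display names for the two services named in the article.
$ServiceNames = 'Veeam ONE Monitoring Service', 'Veeam ONE Reporting Service'

function Get-VeeamOneBuild {
    # Assumption: Veeam ONE components register under the standard Uninstall keys.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $entries = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Veeam ONE*' -and $_.DisplayVersion }
    if (-not $entries) { return $null }
    # Components ship with one build; take the highest in case of stale entries.
    ($entries | ForEach-Object { [version]$_.DisplayVersion } | Sort-Object)[-1]
}

function Get-FixedBuild {
    # Maps an installed build to the build the advisory lists as carrying the fix.
    param([Parameter(Mandatory)][version]$Installed)
    if ($Installed.Major -eq 11 -and $Installed.Build -eq 0) { return [version]'11.0.0.1379' }  # Veeam ONE 11
    if ($Installed.Major -eq 11 -and $Installed.Build -eq 1) { return [version]'11.0.1.1880' }  # Veeam ONE 11a
    if ($Installed.Major -eq 12)                              { return [version]'12.0.1.2591' }  # Veeam ONE 12 P20230314
    return $null
}

function Invoke-VeeamOneHotfix {
    param([string]$HotfixDir, [string]$InstallDir, [string[]]$ServiceNames, [switch]$DryRun)

    $services = foreach ($name in $ServiceNames) {
        $svc = Get-Service -DisplayName $name -ErrorAction SilentlyContinue
        if (-not $svc) { throw "Service '$name' not found; the assumed display name may differ on this host." }
        $svc
    }
    $files = Get-ChildItem -Path $HotfixDir -File -Recurse
    if (-not $files) { throw "No hotfix files found under $HotfixDir." }

    $backupDir = Join-Path $env:TEMP ('VeeamONE-backup-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))
    $root      = (Resolve-Path $HotfixDir).Path.TrimEnd('\')

    # Step 1: stop both services and wait until they are really down.
    $services | Stop-Service -Force -WhatIf:$DryRun
    if (-not $DryRun) { $services | ForEach-Object { $_.WaitForStatus('Stopped', '00:02:00') } }

    # Step 2: back up each file the hotfix overwrites, then copy the hotfix file in.
    foreach ($file in $files) {
        $relative = $file.FullName.Substring($root.Length + 1)
        $target   = Join-Path $InstallDir $relative
        if (Test-Path $target) {
            $before = (Get-Item $target).VersionInfo.FileVersion
            $backup = Join-Path $backupDir $relative
            New-Item -ItemType Directory -Path (Split-Path $backup) -Force -WhatIf:$DryRun | Out-Null
            Copy-Item -Path $target -Destination $backup -WhatIf:$DryRun
        } else {
            $before = '(absent)'
        }
        Copy-Item -Path $file.FullName -Destination $target -Force -WhatIf:$DryRun
        # Before/after file versions give the admin something to compare with the KB listing.
        '{0}: {1} -> {2}' -f $relative, $before, $file.VersionInfo.FileVersion
    }

    # Step 3: bring the two services back up.
    $services | Start-Service -WhatIf:$DryRun
}

$installed = Get-VeeamOneBuild
if (-not $installed) { throw 'No Veeam ONE installation found in the registry.' }
$fixed = Get-FixedBuild -Installed $installed
if (-not $fixed) { throw "Build $installed is not a branch covered by the advisory; check the vendor KB." }
if ($installed -lt $fixed) {
    throw "Installed build $installed is older than $fixed; install that update first, then apply the hotfix."
}
Write-Host "Veeam ONE $installed (fixed build $fixed); applying hotfix from $HotfixDir"
Invoke-VeeamOneHotfix -HotfixDir $HotfixDir -InstallDir $InstallDir -ServiceNames $ServiceNames -DryRun:$DryRun
```

Run it once with `-DryRun` to confirm the service names resolve and the staged file list maps onto the install tree before letting it stop services. The backup folder it creates under `%TEMP%` is the rollback path if a replaced file turns out to be wrong.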
Notably, over recent months, critical flaws in Veeam’s backup software have been exploited by various threat actors, including FIN7 and BlackCat ransomware, to distribute malware. Stay secure by applying the latest updates promptly.