Critical Veeam ONE Vulnerabilities Addressed
Veeam has recently released essential updates to address four security vulnerabilities in its Veeam ONE monitoring and analytics platform. Two of them are critical, and it is crucial to apply these fixes to maintain the security of your systems.
The critical vulnerabilities were given near-maximum severity ratings (CVSS base scores of 9.8 and 9.9 out of 10). They could allow attackers to execute code remotely and to steal NTLM hashes from vulnerable servers, posing a serious threat to your system’s integrity.
Veeam ONE Vulnerabilities Details
One of the critical vulnerabilities tracked as CVE-2023-38547 allows an unauthenticated user to gain information about the SQL server connection used by Veeam ONE to access its configuration database. This could potentially lead to remote code execution on the SQL server hosting the Veeam ONE configuration database.
The second critical vulnerability, identified as CVE-2023-38548, enables an unprivileged user with access to the Veeam ONE Web Client to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. This poses a significant risk and has been promptly addressed in the latest update.
Additionally, Veeam has fixed a security flaw, CVE-2023-38549, that could allow attackers with Power User roles to steal the access token of an admin in a Cross-Site Scripting (XSS) attack, requiring user interaction from someone with the Veeam ONE Administrator role.
The fourth vulnerability, CVE-2023-41723, also addressed in this update, can be exploited by malicious actors holding only the Read-Only User role to view the Dashboard Schedule, although they are still unable to modify it.
These Veeam ONE vulnerabilities impact actively supported versions up to the latest release. To ensure the security of your systems, Veeam has provided hotfixes for the following versions:
- Veeam ONE 12 P20230314 (12.0.1.2591)
- Veeam ONE 11a (11.0.1.1880)
- Veeam ONE 11 (11.0.0.1379)
To apply these fixes, administrators need to stop the Veeam ONE monitoring and reporting services on affected servers, replace the files on the disk with the files in the hotfix, and then restart the services to deploy the updates.
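The stop, replace and restart sequence above, written out as an added PowerShell example (not Veeam's own hotfix procedure or tooling). It assumes the Veeam ONE services can be selected by the display-name prefix "Veeam ONE", that the hotfix has been extracted to a folder whose layout mirrors the installation directory, and that the install and hotfix paths given as parameters are placeholders to be adjusted for the host.

```powershell
# Added example: apply a Veeam ONE hotfix by stopping the Veeam ONE services,
# backing up and replacing the files the hotfix ships, then restarting the services.
# Assumptions (not from the advisory): install/hotfix paths and the display-name prefix.
param(
    [string]$InstallDir = 'C:\Program Files\Veeam\Veeam ONE',   # assumed install path
    [string]$HotfixDir  = 'C:\Temp\VeeamONE-Hotfix',            # assumed extracted hotfix
    [string]$BackupDir  = "C:\Temp\VeeamONE-Backup-$(Get-Date -Format yyyyMMdd-HHmmss)"
)
$ErrorActionPreference = 'Stop'

# Select the Veeam ONE services by display name rather than hard-coding service names.
$services = Get-Service | Where-Object { $_.DisplayName -like 'Veeam ONE*' }
if (-not $services) { throw 'No Veeam ONE services found on this host.' }

# 1. Stop the monitoring and reporting services (and any other Veeam ONE service).
$services | Where-Object Status -ne 'Stopped' | Stop-Service -Force
$services | ForEach-Object { $_.WaitForStatus('Stopped', '00:02:00') }

# 2. Back up, then replace each file the hotfix ships, preserving relative paths.
$replaced = @()
Get-ChildItem -Path $HotfixDir -Recurse -File | ForEach-Object {
    $relative = $_.FullName.Substring($HotfixDir.TrimEnd('\').Length + 1)
    $target   = Join-Path $InstallDir $relative
    if (Test-Path $target) {
        # Keep a copy of the original so the change can be rolled back.
        $backup = Join-Path $BackupDir $relative
        New-Item -ItemType Directory -Force -Path (Split-Path $backup) | Out-Null
        Copy-Item $target $backup
    }
    New-Item -ItemType Directory -Force -Path (Split-Path $target) | Out-Null
    Copy-Item $_.FullName $target -Force
    $replaced += [pscustomobject]@{
        File    = $relative
        Version = (Get-Item $target).VersionInfo.FileVersion
    }
}

# 3. Restart the services and confirm they came back up.
$services | Start-Service
$services | ForEach-Object { $_.WaitForStatus('Running', '00:02:00') }

# Report what was replaced (with the new file versions) and the service state.
$replaced | Format-Table -AutoSize
Get-Service | Where-Object { $_.DisplayName -like 'Veeam ONE*' } | Format-Table Name, Status
```

Run it from an elevated PowerShell session on each affected server; the printed file versions can be compared against the build numbers listed in the hotfix release notes.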
Conclusion
It’s worth noting that Veeam has a substantial user base, with its software being used by over 450,000 customers globally, including 82% of Fortune 500 companies and 72% of those listed in the Global 2,000 annual ranking. Ensuring the prompt application of these updates is crucial for safeguarding your systems against potential security threats.
This effort to address Veeam ONE vulnerabilities follows Veeam’s recent fix for a high-severity Backup Service vulnerability (CVE-2023-27532) in the Backup and Replication software. This vulnerability was targeted in attacks linked to the financially motivated FIN7 threat group, known for its connections with multiple ransomware operations. Stay vigilant and prioritize the security of your systems by promptly applying these updates.
The sources for this article can be found on BleepingComputer.