November 6, 2023 at 04:59PM
Veeam has released hotfixes to address four vulnerabilities in its Veeam ONE IT infrastructure monitoring and analytics platform. Two of the vulnerabilities are critical and allow attackers to gain remote code execution and steal NTLM hashes. The remaining two are medium-severity bugs. The company has provided hotfixes for actively supported Veeam ONE versions. Veeam software is widely used globally, including by Fortune 500 companies.
Key takeaways from the meeting notes:
1. Veeam has released hotfixes to address four vulnerabilities in the Veeam ONE IT infrastructure monitoring and analytics platform. Two of these vulnerabilities are critical, allowing attackers to gain remote code execution and steal NTLM hashes.
2. The critical vulnerabilities have high severity ratings (9.8 and 9.9/10 CVSS base scores) and pose significant risks. The other two vulnerabilities are medium-severity bugs that either require user interaction or have limited impact.
3. The first critical vulnerability (CVE-2023-38547) allows an unauthenticated user to gain information about the SQL server connection used by Veeam ONE, potentially leading to remote code execution on the SQL server.
4. The second critical vulnerability (CVE-2023-38548) enables an unprivileged user with access to the Veeam ONE Web Client to acquire the NTLM hash of the Veeam ONE Reporting Service account.
5. One of the fixed vulnerabilities (CVE-2023-38549) could allow attackers with Power User roles to steal the access token of an admin in a Cross-Site Scripting (XSS) attack, which requires user interaction.
6. The fourth vulnerability (CVE-2023-41723) can be exploited by malicious actors with the Read-Only User role to access the Dashboard Schedule, although they cannot make changes.
7. The vulnerabilities impact actively supported Veeam ONE versions, and hotfixes have been released for the affected versions. Admins are advised to download and deploy the hotfixes by stopping the Veeam ONE monitoring and reporting services, replacing the files on affected servers, and restarting the services.
8. In addition to the Veeam ONE vulnerabilities, a high-severity Backup Service vulnerability (CVE-2023-27532) in the Backup & Replication software was previously patched. It was targeted by the FIN7 threat group and the Cuba ransomware gang in separate attacks.
9. Veeam is a widely used software, with over 450,000 customers globally, including many Fortune 500 companies and Global 2,000 organizations.