November 7, 2023 at 12:36AM
Veeam has released security updates to address four vulnerabilities in its ONE IT monitoring and analytics platform. Two of the flaws are rated critical and can lead to remote code execution and disclosure of sensitive information. The affected versions are 11, 11a, and 12, and users are advised to install the provided fixes. Recent attacks by threat actors have exploited flaws in Veeam’s backup software to distribute malware.
Meeting Takeaways:
– Veeam has released security updates to address four vulnerabilities in its ONE IT monitoring and analytics platform.
– Two of the flaws are rated critical in severity (CVE-2023-38547 and CVE-2023-38548).
– CVE-2023-38547 allows an unauthenticated user to gain information about the SQL server connection and execute remote code.
– CVE-2023-38548 enables an unprivileged user with access to the Veeam ONE Web Client to obtain the NTLM hash of the account used by the Veeam ONE Reporting Service.
– CVE-2023-38549 is a cross-site scripting (XSS) vulnerability that allows a Veeam ONE Power User to obtain an access token of a Veeam ONE Administrator.
– CVE-2023-41723 permits a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule.
– The affected versions are Veeam ONE 11, 11a, and 12. Only CVE-2023-38548 impacts Veeam ONE 12.
– Fixes for the issues are available in the following versions: Veeam ONE 11 (11.0.0.1379), Veeam ONE 11a (11.0.1.1880), and Veeam ONE 12 P20230314 (12.0.1.2591).
– It is recommended for users running affected versions to stop the Veeam ONE Monitoring and Reporting services, replace the existing files with the provided hotfix, and restart the services.
– There have been recent incidents of threat actors, including FIN7 and BlackCat ransomware, exploiting critical flaws in Veeam backup software.
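As an added defender-side check (not code from the article or from Veeam), the following Python triage compares an installed Veeam ONE build string with the fixed builds listed above and reports which of the four CVEs the summary attributes to that branch. It assumes the branch can be read from the first three version components (11.0.0 is 11, 11.0.1 is 11a, 12.0.x is 12) and that any build at or above the fixed build is patched.

```python
# Added triage example, not Veeam's code. Assumption: the first three version
# components identify the branch (11.0.0 = 11, 11.0.1 = 11a, 12.0.x = 12).
FIXED_BUILDS = {  # fixed builds as listed in the summary above
    "11": (11, 0, 0, 1379),
    "11a": (11, 0, 1, 1880),
    "12": (12, 0, 1, 2591),
}
ALL_CVES = ("CVE-2023-38547", "CVE-2023-38548", "CVE-2023-38549", "CVE-2023-41723")
# Per the summary, only CVE-2023-38548 affects the Veeam ONE 12 branch.
BRANCH_CVES = {"11": ALL_CVES, "11a": ALL_CVES, "12": ("CVE-2023-38548",)}


def parse_build(version: str) -> tuple:
    """Turn a dotted build string such as '11.0.1.1880' into a comparable tuple."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected Veeam ONE build string: {version!r}")
    return tuple(int(p) for p in parts)


def branch_of(build: tuple):
    """Map a build tuple to its advisory branch; None means outside the summary's scope."""
    major, minor, patch, _ = build
    if (major, minor, patch) == (11, 0, 0):
        return "11"
    if (major, minor, patch) == (11, 0, 1):
        return "11a"
    if major == 12:
        return "12"
    return None


def triage(version: str) -> dict:
    """Report whether a build is below its branch's fixed build and which CVEs apply."""
    build = parse_build(version)
    branch = branch_of(build)
    if branch is None:
        return {"branch": None, "vulnerable": None, "cves": (), "fixed_build": None}
    fixed = FIXED_BUILDS[branch]
    vulnerable = build < fixed  # assumption: builds at or above the fix are patched
    return {
        "branch": branch,
        "vulnerable": vulnerable,
        "cves": BRANCH_CVES[branch] if vulnerable else (),
        "fixed_build": ".".join(str(n) for n in fixed),
    }
```

Feed it the build strings collected from an inventory; a branch of None flags a version the summary does not cover rather than a patched host.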