Critical Vulnerabilities Expose Veeam ONE Software to Code Execution

November 7, 2023 at 11:42AM

Veeam Software has released patches for four severe security vulnerabilities in its Veeam ONE product. The vulnerabilities could lead to remote code execution attacks and password acquisition. Administrators are urged to promptly download and install the patches. There is no evidence of the vulnerabilities being exploited, but attackers have previously targeted Veeam backup solutions.

Veeam Software has released patches for four severe security vulnerabilities affecting its Veeam ONE product. These vulnerabilities could potentially lead to remote code execution attacks.

The first critical issue, labeled as CVE-2023-38547 (CVSS 9.9), exposes a security defect that allows an unauthorized user to gain information about the SQL server connection used by Veeam ONE to access its configuration database. This could potentially result in remote code execution on the SQL server hosting the Veeam ONE configuration database.

The second critical issue, tracked as CVE-2023-38548 (CVSS 9.8), enables an attacker who has access to the Veeam ONE Web Client to obtain the hashed password for the Veeam ONE Reporting Service.

Veeam also addressed a medium-severity issue (CVE-2023-38549) that permits an attacker with ‘power user’ privileges to acquire the access token of a Veeam ONE administrator. However, successful exploitation of this issue requires interaction from the administrator.

Furthermore, a fourth issue (CVE-2023-41723) has been resolved to prevent attackers with read-only access from accessing the application’s dashboard schedule.

To mitigate these security vulnerabilities, Veeam has released hotfixes for Veeam ONE versions 11, 12, and 13. Administrators are advised to download and install these patches promptly.

While Veeam has not reported any exploitation of these vulnerabilities, it is worth mentioning that attackers have previously targeted flaws in Veeam’s backup solutions.