Veeam, a software backup and recovery company, has released hotfixes to ensure the integrity and safety of its ONE IT infrastructure monitoring and analytics platform.
These vulnerabilities posed significant risks, allowing attackers to potentially gain remote code execution (RCE) and steal NTLM hashes from vulnerable servers.
The two critical flaws carry maximum CVSS base scores of 9.8 and 9.9 out of 10. The first, CVE-2023-38547, allowed an unauthenticated user to obtain information about the SQL server connection that Veeam ONE uses to access its configuration database, potentially leading to remote code execution on the SQL server.
The second critical vulnerability, tracked as CVE-2023-38548, allowed a privileged user with access to the Veeam ONE Web Client to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service, a breach with far-reaching implications.
In addition to the critical flaws, Veeam addressed two medium-severity vulnerabilities. CVE-2023-38549 could enable attackers with the Power User role to steal an admin’s access token through a Cross-Site Scripting (XSS) attack that requires user interaction.
CVE-2023-41723, the fourth vulnerability, could be exploited by malicious actors with the Read-Only User role to access the Dashboard Schedule.
These vulnerabilities affected actively supported Veeam ONE versions up to the latest release. To mitigate the risks, Veeam has issued hotfixes for the affected versions, such as Veeam ONE 12 P20230314, Veeam ONE 11a, and Veeam ONE 11. System administrators are advised to stop the Veeam ONE monitoring and reporting services on affected servers, replace the files on the disk with the hotfix files, and then restart the services to implement the necessary fixes.
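The three-step hotfix procedure above (stop the services, replace the files on disk, restart the services) is easy to get wrong on a production server: files replaced while a service still holds them, no backup to roll back to, and no record of what was actually installed. The following PowerShell script is an added example written for this article and is not Veeam's own tooling or installer. It assumes the Veeam ONE services have display names beginning with "Veeam ONE" (an assumption, adjust `$ServicePattern` to match your server), that the administrator supplies the install folder, the folder of extracted hotfix files, and optionally a table of SHA-256 hashes taken from the vendor's hotfix notes (a placeholder here; the article does not list hashes). It supports `-WhatIf` so the change can be rehearsed first.

```powershell
# Added example, not Veeam's code: apply a file-replacement hotfix in the order the
# advisory describes (stop services, replace files, restart), with a backup and a
# hash check first. Service names, paths and hashes are assumptions supplied by the admin.
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)] [string] $InstallDir,     # Veeam ONE install folder (admin-supplied)
    [Parameter(Mandatory)] [string] $HotfixDir,      # folder with the extracted hotfix files
    [hashtable] $ExpectedSha256 = @{},               # relative path -> SHA-256 from vendor notes (placeholder)
    [string] $ServicePattern = 'Veeam ONE*'          # assumption: display-name prefix of the services
)

$ErrorActionPreference = 'Stop'

# 1. Verify the hotfix files against vendor-published hashes before touching the server.
foreach ($rel in $ExpectedSha256.Keys) {
    $src    = Join-Path $HotfixDir $rel
    $actual = (Get-FileHash -Path $src -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256[$rel].ToUpper()) {
        throw "Hash mismatch for $rel : expected $($ExpectedSha256[$rel]), got $actual"
    }
}

# 2. Stop the monitoring and reporting services, remembering which ones were running
#    so only those are started again afterwards.
$running = Get-Service -DisplayName $ServicePattern | Where-Object Status -eq 'Running'
foreach ($svc in $running) {
    if ($PSCmdlet.ShouldProcess($svc.DisplayName, 'Stop-Service')) {
        Stop-Service -Name $svc.Name -Force
        $svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60))
    }
}

# 3. Back up every file that will be overwritten, then replace it with the hotfix copy.
$backup = Join-Path $env:TEMP ('veeam-one-backup-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))
New-Item -ItemType Directory -Path $backup | Out-Null
$hotfixFiles = Get-ChildItem -Path $HotfixDir -Recurse -File
foreach ($file in $hotfixFiles) {
    $rel  = $file.FullName.Substring($HotfixDir.TrimEnd('\').Length + 1)
    $dest = Join-Path $InstallDir $rel
    if (Test-Path $dest) {
        $bak = Join-Path $backup $rel
        New-Item -ItemType Directory -Path (Split-Path $bak) -Force | Out-Null
        Copy-Item -Path $dest -Destination $bak
    }
    if ($PSCmdlet.ShouldProcess($dest, 'Replace with hotfix file')) {
        New-Item -ItemType Directory -Path (Split-Path $dest) -Force | Out-Null
        Copy-Item -Path $file.FullName -Destination $dest -Force
    }
}
Write-Host "Originals backed up to $backup"

# 4. Restart the services that were running and confirm each one comes back up.
foreach ($svc in $running) {
    if ($PSCmdlet.ShouldProcess($svc.DisplayName, 'Start-Service')) {
        Start-Service -Name $svc.Name
        $svc.WaitForStatus('Running', [TimeSpan]::FromSeconds(60))
    }
}

# 5. Record what is now on disk (version and hash) for the change ticket.
foreach ($file in $hotfixFiles) {
    $rel       = $file.FullName.Substring($HotfixDir.TrimEnd('\').Length + 1)
    $installed = Join-Path $InstallDir $rel
    [pscustomobject]@{
        File    = $rel
        Version = (Get-Item $installed).VersionInfo.FileVersion
        Sha256  = (Get-FileHash -Path $installed -Algorithm SHA256).Hash
    }
} | Format-Table -AutoSize
```

Run it first with `-WhatIf` to see which services would be stopped and which files replaced without changing anything; the backup folder it prints is what you copy back (with the services stopped again) if the hotfix has to be rolled back.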
Veeam is widely used by more than 450,000 customers globally, including many Fortune 500 companies.