Veeam Addresses Multiple Vulnerabilities in Veeam ONE Platform

November 7, 2023

Veeam has remedied four vulnerabilities in its IT infrastructure monitoring and analytics platform, Veeam ONE. These vulnerabilities are identified as CVE-2023-38547, CVE-2023-38548, CVE-2023-38549, and CVE-2023-41723.

The most severe vulnerability, CVE-2023-38547 with a CVSS score of 9.9, could be exploited by an unauthenticated attacker. This vulnerability could potentially expose information about the SQL server connection that Veeam ONE uses to access its configuration database. The advisory states, “A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database.” This could possibly lead to remote code execution on the SQL server hosting the Veeam ONE configuration database. The affected versions include Veeam ONE 11, 11a, and 12.

Another critical vulnerability, CVE-2023-38548 with a CVSS score of 9.8, can be exploited by an unprivileged user with access to the Veeam ONE Web Client. This vulnerability could allow the user to obtain the NTLM hash of the account used by the Veeam ONE Reporting Service. This vulnerability specifically affects Veeam ONE 12.

The remaining vulnerabilities, CVE-2023-38549 and CVE-2023-41723, are of medium severity. CVE-2023-38549, with a CVSS score of 4.5, could allow a user with the Veeam ONE Power User role to obtain the access token of a user with the Veeam ONE Administrator role by carrying out an XSS attack.

The final vulnerability, CVE-2023-41723 with a CVSS score of 4.3, could be exploited by a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. This vulnerability affects Veeam ONE versions 11, 11a, and 12.

Earlier in March, Veeam patched a high-severity flaw, CVE-2023-27532, in its Veeam Backup and Replication (VBR) software. This vulnerability could be exploited by an unauthenticated user with access to the Veeam backup service to request cleartext credentials. A remote attacker could potentially exploit this flaw to access a target organization's backup systems and execute arbitrary code as 'SYSTEM.' Post the public disclosure of the vulnerability, the researchers at Horizon3’s Attack Team released technical details and a PoC exploit code.

Related News

• Cuba Ransomware Group's Sophisticated Cyberattack Techniques Unveiled
• Cuba Ransomware Gang Exploits Veeam Vulnerability in Attacks on U.S. Critical Infrastructure
• New BlackCat Ransomware Variant Incorporates Advanced Impacket and RemCom Tools
• FIN7 Cyber Gang Resurfaces with Cl0p Ransomware in New Wave of Attacks
• FIN7 Hackers Exploit Veeam Backup & Replication Vulnerability

Latest News

• Critical Atlassian Confluence Vulnerability Exploited in Cerber Ransomware Attacks
• TellYouThePass Ransomware Exploits Apache ActiveMQ RCE Vulnerability
• QNAP Addresses Two Critical Vulnerabilities in QTS OS and Applications
• QNAP Issues Warning on Critical Command Injection Vulnerabilities in QTS OS and Apps
• Kinsing Threat Actors Exploit Looney Tunables Flaw in Cloud Environments