OVERVIEW

Veeam ONE recently patched four critical vulnerabilities that exposed users to remote code execution attacks. The vulnerabilities addressed in these patches are:

  • CVE-2023-38547 – this vulnerability allows an unauthenticated user to gain information about the SQL server, potentially leading to remote code execution on the server hosting Veeam ONE. This vulnerability is assessed as “SEVERE” and affects Veeam ONE versions 11, 11a, and 12.
  • CVE-2023-38548 – this vulnerability allows an unprivileged user with access to the Veeam ONE Web Client to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. This vulnerability is assessed as “CRITICAL” and affects Veeam ONE version 12.
  • CVE-2023-38549 – this vulnerability allows a user with the Veeam ONE Power User role to obtain the access token of a user with the Veeam ONE Administrator role through cross-site scripting (XSS). This vulnerability is assessed as “MEDIUM” because it requires interaction by a user with the Veeam ONE Administrator role, and affects Veeam ONE versions 11, 11a, and 12.
  • CVE-2023-41723 – this vulnerability allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. This vulnerability is assessed as “MEDIUM” because a user with the Read-Only role is only able to view the schedule and cannot make changes. It affects Veeam ONE versions 11, 11a, and 12.

AVERTIUM'S RECOMMENDATIONS

Avertium recommends applying the appropriate patches as soon as possible. For patch guidance, please see the Veeam ONE KB article (KB4508) linked under Supporting Documentation below.

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with any of the vulnerabilities listed above. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

HOW AVERTIUM IS PROTECTING OUR CUSTOMERS

  • Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills. See every threat in your attack surface, every device, every entry point, and every vulnerability. Our Attack Surface Management services include:  
    • Risk Assessments 
    • Pen Testing and Social Engineering  
    • Infrastructure Architecture and Integration  
    • Zero Trust Network Architecture 
    • Vulnerability Management 
  • To identify the source of your breach and the scope that it reached, you’ll want to include Avertium’s Digital Forensic and Incident Response (DFIR) services in your protection plan. We offer DFIR to mitigate damage from a successful breach.
  • Avertium simplifies Governance, Risk, and Compliance (GRC) by providing contextual understanding instead of unnecessary complexity. With our cross-data, cross-industry, and cross-functional expertise, we enable you to meet regulatory requirements and demonstrate a robust security posture without any vulnerabilities. Our GRC services include:   
    • Cyber Maturity
    • Compliance Assessments and Consulting
    • Managed GRC

SUPPORTING DOCUMENTATION

https://www.veeam.com/kb4508 

https://www.securityweek.com/critical-vulnerabilities-expose-veeam-one-software-to-code-execution/ 
