Veeam, a renowned provider of backup, disaster recovery, and intelligent data management software for virtual, physical, and multi-cloud infrastructures, has recently issued security updates to address four significant vulnerabilities in its Veeam ONE IT monitoring and analytics platform. Among these, two vulnerabilities are classified as critical, posing a substantial risk to organizations relying on this software for their IT infrastructure monitoring and analytics.

Understanding the Risks: Detailed Vulnerability Analysis

  • CVE-2023-38547 (CVSSv3 Score: 9.9): This critical vulnerability allows unauthenticated attackers to exploit the system and gain information about the SQL server connection utilized by Veeam ONE. The exploitation of this vulnerability could potentially enable attackers to execute remote code on the SQL server, leading to a significant security breach.
  • CVE-2023-38548 (CVSSv3 Score: 9.8): This vulnerability exposes the NTLM hash of the account used by the Veeam ONE Reporting Service to an unprivileged user with access to the Veeam ONE Web Client. Such exposure could facilitate unauthorized access to sensitive information or systems.
  • CVE-2023-38549 (CVSSv3 Score: 4.5): This vulnerability pertains to a cross-site scripting (XSS) issue that allows a user with the Veeam ONE Power User role to acquire the access token of a user with the Veeam ONE Administrator role, potentially leading to unauthorized access.
  • CVE-2023-41723 (CVSSv3 Score: 4.3): This vulnerability enables a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule, which might inadvertently expose sensitive information.

Affected Products and Solutions

The vulnerabilities affect various versions of Veeam ONE, including versions 11, 11a, and 12. To mitigate these vulnerabilities, Veeam has provided updated files for the following versions:

  • Veeam ONE 11 (11.0.0.1379)
  • Veeam ONE 11a (11.0.1.1880)
  • Veeam ONE 12 P20230314 (12.0.1.2591)

Mitigation Recommendations

Organizations using the affected versions of Veeam ONE are urged to take immediate action to secure their systems. The recommended steps include:

  1. Service Management: Temporarily stop the Veeam ONE Monitoring and Reporting services to prevent any potential exploitation during the update process.
  2. Patch Application: Download and apply the hotfix provided by Veeam. This involves replacing the existing vulnerable files with the updated ones provided in the security patch.
  3. Service Restoration: Restart both the Veeam ONE Monitoring and Reporting services after applying the hotfix to ensure that the system is fully protected with the updates in effect.

The Importance of Timely Updates

The discovery of these vulnerabilities underscores the critical importance of maintaining up-to-date software to safeguard against potential threats. In light of recent events where vulnerabilities in related software were exploited by threat actors, including FIN7 and BlackCat ransomware operators, it is paramount for organizations to promptly apply security updates and patches to prevent unauthorized access, security breaches, and data loss.

Final Thoughts

The proactive identification and resolution of these vulnerabilities by Veeam highlight the ongoing challenges and importance of cybersecurity in the digital age. Organizations must remain vigilant, regularly update their software, and follow best practices for IT security to protect their critical infrastructure from emerging threats. By taking the recommended steps to patch the identified vulnerabilities in Veeam ONE, businesses can ensure the continued security and integrity of their IT monitoring and analytics platforms, thereby safeguarding their operational continuity and sensitive data.

Also Read: