Veeam has released important hotfixes to address four vulnerabilities in its IT infrastructure monitoring and analytics platform, Veeam ONE, two of which are deemed critical due to their potential severity.
The critical security flaws have been rated with almost the highest Common Vulnerability Scoring System (CVSS) base scores, marking 9.8 and 9.9 out of 10, as they can allow malicious actors to achieve remote code execution (RCE) and steal NTLM hashes from vulnerable servers. The remaining two vulnerabilities are categorized as medium-severity issues, which require user interaction or have a limited impact.
One of the critical vulnerabilities, tracked as CVE-2023-38547, could potentially allow an unauthenticated user to gain information about the SQL server connection used by Veeam ONE to access its configuration database.
This could lead to remote code execution on the SQL server hosting Veeam ONE’s configuration database. The second critical vulnerability, CVE-2023-38548, lets an unprivileged user with access to the Veeam ONE Web Client acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. The other two vulnerabilities were also addressed in the latest release.
These security flaws impacted actively supported Veeam ONE versions up to the latest release. In response, Veeam provided hotfixes for each version to patch the vulnerabilities.
Administrators are advised to stop the Veeam ONE monitoring and reporting services on impacted servers, replace the files on the disk with the files in the hotfix, and then restart the services to deploy the necessary patches promptly. These security measures aim to enhance the security and integrity of the Veeam ONE platform, preventing potential exploitation by malicious actors.