Veeam released hotfixes today to address four vulnerabilities in the company's Veeam ONE IT infrastructure monitoring and analytics platform, two of them critical.
The company assigned near-maximum severity ratings (9.8 and 9.9/10 CVSS base scores) to the critical flaws because they allow attackers to achieve remote code execution (RCE) and steal NTLM hashes from vulnerable servers. The remaining two are medium-severity bugs that require user interaction or have limited impact.
"A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database," an advisory published today says about the bug tracked as CVE-2023-38547.
"A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service," the company says when describing the second critical vulnerability (CVE-2023-38548) patched today.
Veeam also fixed a security flaw tracked as CVE-2023-38549 that could let attackers with the Power User role steal the access token of an administrator in a Cross-Site Scripting (XSS) attack; exploitation requires user interaction from someone holding the Veeam ONE Administrator role.
CVE-2023-41723, the fourth vulnerability addressed today, can be exploited by malicious actors with the Read-Only User role to view the Dashboard Schedule (the attacker cannot make changes).
These flaws affect actively supported Veeam ONE versions up to the latest release, and the company has published the following hotfixes to patch them (download links and build numbers are available in the security advisory):
- Veeam ONE 12 P20230314
- Veeam ONE 11a
- Veeam ONE 11
To deploy a hotfix, admins must stop the Veeam ONE Monitoring and Reporting services on affected servers, replace the files on disk with the files shipped in the hotfix, and then restart the services.
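The stop, replace, and restart sequence above lends itself to a script, so that a fleet of Veeam ONE servers gets the same treatment and nothing is left half-applied. The following PowerShell is an added example and is not Veeam's deployment tooling or part of the advisory: the service display names, the default install path, and the assumption that the hotfix folder mirrors the install tree are all assumptions that must be checked against the README inside the hotfix package before running it. It backs up every file it overwrites, verifies by SHA-256 hash that each replacement actually landed (a still-loaded DLL silently fails the copy), and only then brings the services back.

```powershell
# Added example, not Veeam's code. Applies a Veeam ONE hotfix as the advisory describes:
# stop the monitoring and reporting services, replace files, restart the services.
# ASSUMPTIONS: service display names, install root and hotfix folder layout; confirm
# them against the hotfix README before use. Run from an elevated PowerShell session.
#Requires -RunAsAdministrator
param(
    # Folder where the hotfix archive was extracted (assumed to mirror the install tree)
    [Parameter(Mandatory)] [string]$HotfixDir,
    # Veeam ONE install root (assumed default; adjust to your deployment)
    [string]$InstallDir = 'C:\Program Files\Veeam\Veeam ONE',
    # Where originals are copied before being overwritten, for rollback
    [string]$BackupDir = "C:\VeeamONE-hotfix-backup-$(Get-Date -Format 'yyyyMMdd-HHmmss')"
)

$ErrorActionPreference = 'Stop'
$HotfixDir = (Resolve-Path $HotfixDir).Path.TrimEnd('\')

# Display names as shown in services.msc (assumed; verify on your server)
$displayNames = @('Veeam ONE Monitoring Service', 'Veeam ONE Reporting Service')
$services = Get-Service | Where-Object { $displayNames -contains $_.DisplayName }
if (@($services).Count -ne $displayNames.Count) {
    throw "Could not find all expected services: $($displayNames -join ', ')"
}

# Step 1: stop the services and wait until they have really exited,
# otherwise the DLL replacement below fails on locked files.
foreach ($svc in $services) {
    if ($svc.Status -ne 'Stopped') {
        Write-Host "Stopping '$($svc.DisplayName)'"
        Stop-Service -Name $svc.Name -Force
        $svc.WaitForStatus('Stopped', [TimeSpan]::FromMinutes(2))
    }
}

# Step 2: back up and replace. Every file under $HotfixDir overwrites the same
# relative path under $InstallDir.
$hotfixFiles = Get-ChildItem -Path $HotfixDir -Recurse -File
$planned = @()
foreach ($f in $hotfixFiles) {
    $relative = $f.FullName.Substring($HotfixDir.Length + 1)
    $target   = Join-Path $InstallDir $relative
    if (Test-Path $target) {
        $backup = Join-Path $BackupDir $relative
        New-Item -ItemType Directory -Path (Split-Path $backup) -Force | Out-Null
        Copy-Item -Path $target -Destination $backup -Force
    } else {
        # A hotfix file with no counterpart usually means the layout assumption is wrong.
        Write-Warning "No existing file at '$target'; check the hotfix layout against the README"
    }
    New-Item -ItemType Directory -Path (Split-Path $target) -Force | Out-Null
    Copy-Item -Path $f.FullName -Destination $target -Force
    $planned += [pscustomobject]@{ Source = $f.FullName; Target = $target }
}

# Step 3: verify each deployed file matches its hotfix source byte-for-byte.
foreach ($p in $planned) {
    $expected = (Get-FileHash -Algorithm SHA256 -Path $p.Source).Hash
    $actual   = (Get-FileHash -Algorithm SHA256 -Path $p.Target).Hash
    if ($expected -ne $actual) {
        throw "Hash mismatch for '$($p.Target)'. Restore from '$BackupDir' and retry."
    }
}
Write-Host "$($planned.Count) file(s) replaced and verified; originals saved under '$BackupDir'"

# Step 4: bring the services back and confirm they are running.
foreach ($svc in $services) {
    Write-Host "Starting '$($svc.DisplayName)'"
    Start-Service -Name $svc.Name
    $svc.WaitForStatus('Running', [TimeSpan]::FromMinutes(2))
}
```

Usage: `.\Apply-VeeamOneHotfix.ps1 -HotfixDir C:\Temp\hotfix` (script name is illustrative). The backup folder is what makes the hash check safe to fail hard on: if a copy did not take, nothing has been restarted on a mixed set of binaries, and the originals are one `Copy-Item` away.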
In March, Veeam also fixed a high-severity Backup Service vulnerability (CVE-2023-27532) in its Backup & Replication software that can be used to breach backup infrastructure hosts.
That flaw was later targeted in attacks linked to the financially motivated FIN7 threat group, known for its ties to several ransomware operations, including the Conti syndicate, REvil, Maze, Egregor, and BlackBasta.
Months later, the Cuba ransomware gang exploited the bug to target critical infrastructure organizations in the United States and IT companies in Latin America.
Veeam says its software is used by more than 450,000 customers worldwide, including 82% of Fortune 500 companies and 72% of those in the Global 2,000 annual ranking.