
Veeam released hotfixes today to address four vulnerabilities in the company's Veeam ONE IT infrastructure monitoring and analytics platform, two of them critical.
The company assigned near-maximum severity ratings (9.8 and 9.9/10 CVSS base scores) to the critical security flaws because they let attackers gain remote code execution (RCE) and steal NTLM hashes from vulnerable servers. The remaining two are medium-severity bugs that require user interaction or have limited impact.
"A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database," an advisory published today says about the bug tracked as CVE-2023-38547.
"A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service," the company says when describing the second critical vulnerability (CVE-2023-38548) patched today.
Veeam also fixed a security flaw tracked as CVE-2023-38549 that could let attackers with the Power User role steal the access token of an admin in a Cross-Site Scripting (XSS) attack, which requires user interaction from someone with the Veeam ONE Administrator role.
CVE-2023-41723, the fourth vulnerability addressed today, can be exploited by malicious actors with the Read-Only User role to access the Dashboard Schedule (the attacker cannot make changes).
These flaws impact actively supported Veeam ONE versions up to the latest release, and the company has released the following hotfixes to patch them (download links are available in this security advisory):
- Veeam ONE 12 P20230314 (12.0.1.2591)
- Veeam ONE 11a (11.0.1.1880)
- Veeam ONE 11 (11.0.0.1379)
Admins must stop the Veeam ONE monitoring and reporting services on impacted servers, replace the files on disk with the files in the hotfix, and restart the services to deploy the hotfixes.
In March, Veeam also fixed a high-severity Backup Service vulnerability (CVE-2023-27532) in the Backup & Replication software that can be used to breach backup infrastructure hosts.
This flaw was later targeted in attacks linked to the financially motivated FIN7 threat group, known for its connections with multiple ransomware operations, including the Conti syndicate, REvil, Maze, Egregor, and BlackBasta.
Months later, the Cuba ransomware gang exploited the bug to target critical infrastructure organizations in the United States and IT companies in Latin America.
Veeam says its software is used by more than 450,000 customers worldwide, including 82% of Fortune 500 companies and 72% of those listed in the Global 2,000 annual ranking.
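Before rolling out the hotfixes, an administrator typically wants to know which servers in an inventory still run a build below the patched ones listed above. The following script is an added example, not code from Veeam or from the article; it takes the three patched build numbers from the advisory as given and compares them against installed build strings. The mapping of builds to release lines (12.x to the 12 line, 11.0.1.x to 11a, 11.0.0.x to 11) is an assumption inferred from the listed hotfix builds, and the inventory lines at the bottom are constructed sample data.

```python
import re

# Patched Veeam ONE builds as listed in the advisory, keyed by release line.
PATCHED_BUILDS = {
    "12": (12, 0, 1, 2591),   # Veeam ONE 12 P20230314
    "11a": (11, 0, 1, 1880),  # Veeam ONE 11a
    "11": (11, 0, 0, 1379),   # Veeam ONE 11
}

BUILD_RE = re.compile(r"^\d+\.\d+\.\d+\.\d+$")


def parse_build(version):
    """Turn a dotted build string such as '12.0.1.2591' into a comparable int tuple."""
    version = version.strip()
    if not BUILD_RE.match(version):
        raise ValueError(f"unrecognised Veeam ONE build string: {version!r}")
    return tuple(int(part) for part in version.split("."))


def release_line(build):
    """Map a build tuple to the advisory's release-line label (assumed mapping)."""
    major, minor, patch, _ = build
    if major == 12:
        return "12"
    if major == 11 and (minor, patch) >= (0, 1):
        return "11a"  # assumption: 11.0.1.x builds belong to the 11a line
    if major == 11:
        return "11"   # assumption: 11.0.0.x builds belong to the 11 line
    return None       # not a release line the advisory covers


def hotfix_status(version):
    """Return 'patched', 'needs-hotfix' or 'unsupported' for one installed build."""
    build = parse_build(version)
    line = release_line(build)
    if line is None:
        return "unsupported"
    return "patched" if build >= PATCHED_BUILDS[line] else "needs-hotfix"


def inventory_report(lines):
    """Evaluate 'hostname build' inventory lines; malformed lines are reported as 'unknown'."""
    report = []
    for line in lines:
        fields = line.split()
        if len(fields) != 2:
            report.append((line.strip() or "<blank>", "unknown"))
            continue
        host, version = fields
        try:
            report.append((host, hotfix_status(version)))
        except ValueError:
            report.append((host, "unknown"))
    return report


# Constructed sample inventory; host names and builds are made up for illustration.
SAMPLE_INVENTORY = [
    "one-prod-01 12.0.0.2498",
    "one-prod-02 12.0.1.2591",
    "one-dr-01 11.0.1.1879",
    "one-lab-01 11.0.0.1379",
    "one-old-01 10.0.0.750",
    "one-bad-01 not-a-version",
]

if __name__ == "__main__":
    for host, status in inventory_report(SAMPLE_INVENTORY):
        print(f"{host:<14} {status}")
```

Builds on a newer line than the advisory covers (for example a future 12.x build above 12.0.1.2591) are reported as patched by the simple tuple comparison; treat that as a convenience for inventory triage, not as a substitute for checking the vendor advisory for each release line.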
