Several serious security flaws have been found in the Veeam ONE platform for analytics and IT infrastructure monitoring. These vulnerabilities may result in data breaches, unauthorized access, and NTLM hash theft. Veeam has issued a warning and published security patches to fix these problems. Read this Cybersecurity Threat Advisory for recommendations to mitigate risks and protect Veeam environments.

Multiple vulnerabilities have been found in Veeam ONE, an IT infrastructure monitoring and analytics platform. CVE-2023-38547, CVE-2023-38548, and CVE-2023-41723 affect Veeam ONE versions 11, 11a, and 12. CVE-2023-38549 affects only Veeam ONE 12.

The first two vulnerabilities, CVE-2023-38547 and CVE-2023-38548, are rated critical. CVE-2023-38547 can allow an unauthenticated user to obtain information about the SQL server connection that Veeam ONE uses to access its configuration database, potentially leading to remote code execution on the SQL server. CVE-2023-38548 enables unprivileged Veeam ONE Web Client users to obtain the access token of a Veeam ONE Administrator. These weaknesses could allow attackers to steal NTLM hashes and exploit other security shortcomings. Veeam has acknowledged these issues and released security updates to address them.

What is the exposure or risk?

These vulnerabilities come with significant risk and exposure. If exploitation succeeds, attackers may be able to exfiltrate sensitive data, compromise vital systems, and obtain unauthorized access to an organization’s IT infrastructure. The effect of a breach may increase if NTLM hashes are stolen, since they may allow for more exploitation and lateral movement throughout the network. A successful attack may result in reputational harm as well as monetary losses.