{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2023-086.pdf"
    },
    "title": "Critical Vulnerabilities in Veeam ONE",
    "serial_number": "2023-086",
    "publish_date": "07-11-2023 10:21:10",
    "description": "On November 6, 2023, Veeam released an advisory addressing critical vulnerabilities affecting the Veeam ONE product. These vulnerabilities could allow an attacker to steal NTLM hashes or to achieve Remote Code Execution.<br>\nVeeam has released hotfixes for these vulnerabilities, and it is recommended to apply them as soon as possible.<br>\n",
    "url_title": "2023-086",
    "content_markdown": "---\ntitle: 'Critical Vulnerabilities in Veeam ONE'\nnumber: '2023-086'\nversion: '1.0'\noriginal_date: 'November 6, 2023'\ndate: 'November 7, 2023'\n---\n\n_History:_\n\n* _07/11/2023 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn November 6, 2023, Veeam released an advisory [1] addressing critical vulnerabilities affecting the Veeam ONE product. These vulnerabilities could allow an attacker to steal NTLM hashes or to achieve Remote Code Execution.\n\nVeeam has released hotfixes for these vulnerabilities, and it is recommended to apply them as soon as possible.\n\n# Technical Details\n\n- The vulnerability `CVE-2023-38548`, with a CVSS score of 9.8 out of 10, could allow an unprivileged user with access to the Veeam ONE Web Client to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service.\n- The vulnerability `CVE-2023-38547`, with a CVSS score of 9.9 out of 10, could allow an unauthenticated user to obtain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database.\n\n# Affected Products\n\n- The vulnerability `CVE-2023-38547` affects Veeam ONE 11, 11a, and 12.\n- The vulnerability `CVE-2023-38548` affects Veeam ONE 12.\n\nVersions outside of the support window (i.e., versions that have reached End-of-Life) may also be affected.\n\n# Recommendations\n\nCERT-EU recommends applying the hotfixes as soon as possible by following Veeam guidance [1].\n\n# References\n\n[1] <https://www.veeam.com/kb4508>",
    "content_html": "<p><em>History:</em></p><ul><li><em>07/11/2023 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On November 6, 2023, Veeam released an advisory [1] addressing critical vulnerabilities affecting the Veeam ONE product. These vulnerabilities could allow an attacker to steal NTLM hashes or to achieve Remote Code Execution.</p><p>Veeam has released hotfixes for these vulnerabilities, and it is recommended to apply them as soon as possible.</p><h2 id=\"technical-details\">Technical Details</h2><ul><li>The vulnerability <code>CVE-2023-38548</code>, with a CVSS score of 9.8 out of 10, could allow an unprivileged user with access to the Veeam ONE Web Client to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service.</li><li>The vulnerability <code>CVE-2023-38547</code>, with a CVSS score of 9.9 out of 10, could allow an unauthenticated user to obtain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database.</li></ul><h2 id=\"affected-products\">Affected Products</h2><ul><li>The vulnerability <code>CVE-2023-38547</code> affects Veeam ONE 11, 11a, and 12.</li><li>The vulnerability <code>CVE-2023-38548</code> affects Veeam ONE 12.</li></ul><p>Versions outside of the support window (i.e., versions that have reached End-of-Life) may also be affected.</p><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU recommends applying the hotfixes as soon as possible by following Veeam guidance [1].</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.veeam.com/kb4508\">https://www.veeam.com/kb4508</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}