Operational Defect Database
BugZero found this defect 265 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
Veeam | kb4508
CVE-2023-38547 | CVE-2023-38548 | CVE-2023-38549 | CVE-2023-41723
Last update date:
1/10/2024
Affected products:
Veeam ONE
Veeam Recovery Orchestrator
Affected releases:
11
Fixed releases:
No fixed releases provided.
Description:
Issue Details
CVE-2023-38547 A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database. Affected Version(s)*: Veeam ONE 11, 11a, 12 Severity: Critical CVSS v3.1: 9.9 CVE-2023-38548 A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. Affected Version(s)*: Veeam ONE 12 Severity: Critical CVSS v3.1 score: 9.8 CVE-2023-38549 A vulnerability in Veeam ONE allows a user with the Veeam ONE Power User role to obtain the access token of a user with the Veeam ONE Administrator role through the use of XSS. Note: The criticality of this vulnerability is reduced as it requires interaction by a user with the Veeam ONE Administrator role. Affected Version(s)*: Veeam ONE 11, 11a, 12 Severity: Medium CVSS v3.1 score: 4.5 CVE-2023-41723 A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only able to view the schedule and cannot make changes. Affected Version(s)*: Veeam ONE 11, 11a, 12 Severity: Medium CVSS v3.1 score: 4.3 *Vulnerability testing was only performed using actively supported versions of Veeam ONE.
Solution
A hotfix to resolve these vulnerabilities is available for the following versions: Veeam ONE 12 P20230314 (12.0.1.2591) Veeam ONE 11a (11.0.1.1880) Veeam ONE 11 (11.0.0.1379)
Download Information
Check Veeam ONE Build Number Before downloading the hotfix, check which version of Veeam ONE is installed using one of the methods below: Check under Help > About in the Veeam ONE Client. Check within Apps and Features or Programs and Features (Appwiz.cpl). Run the following command on the Veeam ONE server:
Deployment Information
Verify the version of Veeam ONE installed using one of the methods below: Check under Help > About in the Veeam ONE Client. Check within Apps and Features or Progams and Features (Appwiz.cpl). Run the following command on the Veeam ONE server:
Deployment Validation
As this is a hotfix, the build number of the software will not change. As such, validating the hotfix has been deployed requires checking the hash value of the files present and comparing them to the known hash values of the files included in the hotfix. Click the version row to expand the list of files included with the hotfix and their known SHA1 hash values.
More Information
The vulnerabilities associated with CVE-2023-38547, CVE-2023-38548, and CVE-2023-38549 were reported by Jarmo Puttonen(@putsi).
