Veeam reports critical flaws in Veeam ONE monitoring platform

published: Nov. 6, 2023

Take action: Check whether your Veeam ONE instance is exposed to the internet. If it is, lock it down immediately so that it is reachable only from trusted networks. Then apply the hotfix; the procedure is straightforward. Don't delay, because an attacker can still compromise the server even when it is unreachable from the internet, for example by first compromising an employee's endpoint.


Learn More

Veeam, a software vendor that develops backup, disaster recovery, and intelligent data management software, has alerted users to critical vulnerabilities in its Veeam ONE monitoring tool.

The company has patched four security issues, two of which are of particular severity because they allow remote code execution (RCE) and the theft of NTLM hashes from affected servers. The other two are less severe: one requires user interaction and the other has a limited impact.

  • CVE-2023-38547 (CVSS score 9.9) could allow an unauthenticated individual to uncover details about the SQL server connection that Veeam ONE utilizes for its configuration database, potentially leading to RCE on the SQL server that hosts the Veeam ONE database.
  • CVE-2023-38548 (CVSS score 9.8) could enable an unprivileged user with access to the Veeam ONE Web Client to obtain the NTLM hash of the account used by the Veeam ONE Reporting Service.
  • CVE-2023-38549 (CVSS score 4.5) could permit attackers with Power User privileges to hijack an admin's access token via a Cross-Site Scripting (XSS) attack, necessitating user interaction by an administrator.
  • CVE-2023-41723 (CVSS score 4.3) could allow attackers with Read-Only User status to view the Dashboard Schedule without the ability to make changes.

These vulnerabilities affect all actively supported versions of Veeam ONE up to the most recent release. Veeam has provided hotfixes for three different versions of Veeam ONE, with download links available in their security advisory.

A hotfix to resolve these vulnerabilities is available for the following versions:

  • Veeam ONE 12 P20230314 (12.0.1.2591)
  • Veeam ONE 11a (11.0.1.1880)
  • Veeam ONE 11 (11.0.0.1379)

To implement these hotfixes, administrators are required to halt the Veeam ONE monitoring and reporting services, replace certain files with those provided in the hotfixes, and then restart the services.
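The stop, replace, restart procedure above as a PowerShell script, added here as an example and not Veeam's own tooling. The three build numbers come from the list above; the service names, install directory, hotfix folder and the registry DisplayName pattern are placeholders to be taken from the Veeam advisory for your build.

```powershell
# Added example (not Veeam's script): apply a Veeam ONE hotfix as the advisory
# describes it: stop the services, back up and replace files, restart the services.
# Service names, install path, hotfix folder and DisplayName pattern are placeholders.
param(
    [string]$HotfixDir  = 'C:\Temp\VeeamONE-Hotfix',                       # placeholder
    [string]$InstallDir = 'C:\Program Files\Veeam\Veeam ONE',               # placeholder
    [string[]]$Services = @('VeeamONE-Monitoring', 'VeeamONE-Reporting')    # placeholders
)
$ErrorActionPreference = 'Stop'

# Builds for which the advisory provides a hotfix (from the list above).
$hotfixBuilds = @('12.0.1.2591', '11.0.1.1880', '11.0.0.1379')

# Read the installed build from the standard Uninstall registry keys (assumed to
# carry the Veeam ONE build number in DisplayVersion).
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Veeam ONE*' } | Select-Object -First 1
if (-not $installed) { throw 'Veeam ONE does not appear to be installed on this host.' }
if ($hotfixBuilds -notcontains $installed.DisplayVersion) {
    throw "Installed build $($installed.DisplayVersion) is not one the hotfix targets; check the advisory."
}

# 1. Stop the monitoring and reporting services and wait until they are down.
$timeout = [TimeSpan]::FromMinutes(1)
foreach ($svc in $Services) {
    Stop-Service -Name $svc -Force
    (Get-Service -Name $svc).WaitForStatus('Stopped', $timeout)
}

# 2. Back up every file the hotfix replaces, then copy the hotfix file over it.
$backupDir = Join-Path $env:TEMP ('VeeamONE-backup-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))
New-Item -ItemType Directory -Path $backupDir | Out-Null
Get-ChildItem -Path $HotfixDir -File -Recurse | ForEach-Object {
    $relative = $_.FullName.Substring($HotfixDir.Length).TrimStart('\')
    $target   = Join-Path $InstallDir $relative
    if (Test-Path $target) {
        $backup = Join-Path $backupDir $relative
        New-Item -ItemType Directory -Path (Split-Path $backup) -Force | Out-Null
        Copy-Item -Path $target -Destination $backup -Force
    }
    Copy-Item -Path $_.FullName -Destination $target -Force
}

# 3. Restart the services and confirm they came back up.
foreach ($svc in $Services) {
    Start-Service -Name $svc
    (Get-Service -Name $svc).WaitForStatus('Running', $timeout)
}
Write-Host "Hotfix files applied to build $($installed.DisplayVersion); originals saved in $backupDir"
```

Run it from an elevated PowerShell session on the Veeam ONE server; the backup directory lets you roll back the replaced files if a service fails to start.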

Veeam has a broad user base, claiming over 450,000 customers worldwide, including 82% of Fortune 500 companies and 72% of those in the Global 2,000 ranking, highlighting the importance of these security updates.
