< BACK TO BLOG

14 Nov, 2023
by Steven Campbell

CVE-2023-38547 & CVE-2023-38548: Two Critical Vulnerabilities in Veeam ONE

On 6 November 2023, Veeam published security hotfixes for two critical-severity vulnerabilities impacting Veeam ONE.

CVE-2023-38547 (CVSS 9.9) could allow an unauthenticated threat actor to obtain information about the SQL server connection used by Veeam ONE to access its configuration database, which in turn could lead to remote code execution (RCE) on the SQL server hosting the product.
CVE-2023-38548 (CVSS 9.8) could allow a threat actor to obtain the NTLM hash of the account used by the Veeam ONE Reporting Service.

At this time, Arctic Wolf has not identified active exploitation of either vulnerability, nor a published proof of concept (PoC) exploit. Although threat actors have not historically targeted Veeam ONE products, obtaining RCE on the monitoring and analytics platform will likely increase the potential for threat actors to create a working PoC exploit and attempt exploitation. In 2023, multiple threat actors, including FIN7 and the Cuba ransomware group, targeted RCE vulnerabilities in Veeam’s Backup and Replication product to further compromise victim organisations.

Recommendations for CVE-2023-38547 & CVE-2023-38548

Apply Applicable Security Hotfixes to Vulnerable Versions of Veeam ONE

Arctic Wolf strongly recommends applying the latest security hotfixes to affected Veeam ONE products. Full instructions are available in the Veeam Advisory located here: https://www.veeam.com/kb4508

Veeam performed vulnerability testing against actively supported versions only.

Product	Affected Version	CVE	Fixed Version
Veeam ONE	11	CVE-2023-38547	Veeam ONE 11 (11.0.0.1379)
	11a	CVE-2023-38547	Veeam ONE 11a (11.0.1.1880)
	12	CVE-2023-38547, CVE-2023-38548	Veeam ONE 12 P20230314 (12.0.1.2591)

Note: The hotfix for 12.0.1.2591 is not compatible with Veaam ONE 12 GA (build 12.0.0.2498) and will cause the Veeam ONE Reporting Service to not start. Organizations must update to 12.0.1.2591 before applying the hotfix

Please follow your organisation’s patching and testing guidelines to avoid any operational impact.

References

Veeam Advisory
Exploitation of Veeam Backup and Replication
Cuba Ransomware Deploys New Tools: BlackBerry Discovers Targets Including Critical Infrastructure Sector in the U.S. and IT Integrator in Latin America

Steven Campbell

Steven Campbell is a Senior Threat Intelligence Researcher at Arctic Wolf Labs and has more than eight years of experience in intelligence analysis and security research. He has a strong background in infrastructure analysis and adversary tradecraft.

Continue Reading

CVE-2024-29204, CVE-2024-24996: Critical Vulnerabilities in Ivanti Avalanche

© 2024 Arctic Wolf Networks Inc. All Rights Reserved.
Privacy Notice	Terms of Use	Cookie Policy	Customer Portal Policy	Accessibility Statement	Sustainability Statement	Information Security	Cookies Settings

SOLUTIONS

INDUSTRIES

Quickly detect, respond, and recover from advanced threats.

Detect and respond to advanced threats targeting your cloud infrastructure and applications.

Discover, assess, and harden your environment against digital risks.

Explore, harden, and simplify your cloud environment against misconfiguration vulnerabilities.

Engage and prepare employees to recognise and neutralise social engineering attacks.

Recover quickly from cyber attacks and breaches, from threat containment to business restoration.

HOW IT WORKS

Delivering security operations outcomes.

Collect, enrich, analyse.

Ecosystem integrations and technology partnerships.

Tailored security expertise and guided risk mitigation.

Security experts proactively protecting you 24×7.

Meet some of the security experts working alongside you and your team.

TRENDING RESOURCES

NIS2 aims to make the EU as a whole more resilient to cyber threats and strengthen cooperation between Member States on cybersecurity.

Oracle Red Bull Racing trusts Arctic Wolf to secure its expansive IT environment and the mission-critical proprietary data it contains.

The elite security researchers, data scientists, and security developers of Arctic Wolf Labs share forward-thinking insights along with practical guidance you can apply to protect your organisation.

SECURITY BULLETINS

CVE-2024-29204, CVE-2024-24996: Critical Vulnerabilities in Ivanti Avalanche

CVE-2024-3400: Follow Up: Patches Released for Actively Exploited Critical Vulnerability in GlobalProtect Feature of PAN-OS

CVE-2024-26234 for Windows and CVE-2024-29053 for Defender for IOT highlighted in Microsoft’s April 2024 Patch Tuesday

COMPANY

< BACK TO BLOG

CVE-2023-38547 & CVE-2023-38548: Two Critical Vulnerabilities in Veeam ONE

Recommendations for CVE-2023-38547 & CVE-2023-38548

References

Steven Campbell

Continue Reading

Earl Grey House
77 Grey St. 3rd Floor
Newcastle upon Tyne
NE1 6EF
UK

© 2024 Arctic Wolf Networks Inc. All Rights Reserved.

Privacy Notice

Terms of Use

Cookie Policy

Customer Portal Policy

Accessibility Statement

Sustainability Statement

Information Security

Cookies Settings

SOLUTIONS

INDUSTRIES

Quickly detect, respond, and recover from advanced threats.

Detect and respond to advanced threats targeting your cloud infrastructure and applications.

Discover, assess, and harden your environment against digital risks.

Explore, harden, and simplify your cloud environment against misconfiguration vulnerabilities.

Engage and prepare employees to recognise and neutralise social engineering attacks.

Recover quickly from cyber attacks and breaches, from threat containment to business restoration.

HOW IT WORKS

Delivering security operations outcomes.

Collect, enrich, analyse.

Ecosystem integrations and technology partnerships.

Tailored security expertise and guided risk mitigation.

Security experts proactively protecting you 24×7.

Meet some of the security experts working alongside you and your team.

TRENDING RESOURCES

NIS2 aims to make the EU as a whole more resilient to cyber threats and strengthen cooperation between Member States on cybersecurity.

Oracle Red Bull Racing trusts Arctic Wolf to secure its expansive IT environment and the mission-critical proprietary data it contains.

The elite security researchers, data scientists, and security developers of Arctic Wolf Labs share forward-thinking insights along with practical guidance you can apply to protect your organisation.

SECURITY BULLETINS

CVE-2024-29204, CVE-2024-24996: Critical Vulnerabilities in Ivanti Avalanche

CVE-2024-3400: Follow Up: Patches Released for Actively Exploited Critical Vulnerability in GlobalProtect Feature of PAN-OS

CVE-2024-26234 for Windows and CVE-2024-29053 for Defender for IOT highlighted in Microsoft’s April 2024 Patch Tuesday

COMPANY

CVE-2023-38547 & CVE-2023-38548: Two Critical Vulnerabilities in Veeam ONE

Recommendations for CVE-2023-38547 & CVE-2023-38548

References

Steven Campbell

Continue Reading

Earl Grey House 77 Grey St. 3rd Floor Newcastle upon TyneNE1 6EF UK

© 2024 Arctic Wolf Networks Inc. All Rights Reserved.

Earl Grey House
77 Grey St. 3rd Floor
Newcastle upon Tyne
NE1 6EF
UK