Veeam has acted swiftly to release hotfixes for its Veeam ONE IT infrastructure monitoring platform, addressing four newly discovered security vulnerabilities. Among these, two are tagged as critical due to their high severity scores of 9.8 and 9.9, signaling the risk of remote code execution and NTLM hash theft.
![\"\"](\"https://ayrime.com/wp-content/uploads/2023/11/Ayrime-News-2-1.png\")
Breakdown of the Security Flaws:
- CVE-2023-38547 (CVSS 9.9): A loophole potentially leading to Remote Code Execution (RCE) via exposed SQL server connections.
- CVE-2023-38548 (CVSS 9.8): A vulnerability in the Veeam ONE Web Client that could allow NTLM hash hijacking by non-administrative users.
- CVE-2023-38549 (CVSS 4.5): An XSS flaw that might let Power Users hijack Admin access tokens.
- CVE-2023-41723 (CVSS 4.3): A permission issue allowing read-only users to view sensitive Dashboard Schedules.
These issues could potentially impact all Veeam ONE versions up to the most recent release.
How to Shield Your IT Environment:
- Patch Application: Identify if your systems are running the affected Veeam ONE versions and apply the corresponding hotfix immediately.
- Service Interruption: Temporarily disable Veeam ONE services during the patching process to avoid any conflicts.
- File Replacement: Use the hotfix package to update the Veeam ONE installation files.
- Service Restoration: Restart the services post-patch and confirm that the application is functioning correctly.
- Security Checks: Perform a thorough security scan to eliminate any breaches before the patch is applied.
- Employee Awareness: Educate your team about these vulnerabilities and encourage them to report anomalies.
- Regular Updates: Keep up with Veeam\’s updates and promptly apply any new patches.
- Enhanced Monitoring: Vigilantly monitor your systems for signs of compromise.
- Data Backup: Securely backup critical data to mitigate potential breach impacts.
The severity of these vulnerabilities is underscored by historical cyber attacks, with groups like FIN7 exploiting similar weaknesses in Veeam products. With Veeam\’s extensive user base, the potential for widespread impact is significant, making these patches critical.
Veeam\’s rapid response with hotfixes underscores the urgency—admins must act now to protect their systems.
AYRIME: Your Ally in Digital Protection
At AYRIME, we\’re not just about keeping you informed; we\’re about providing comprehensive defense strategies against such security threats. Our expert advisors are ready to help ensure your digital domain remains secure against the latest cyber challenges.
Stay secure, stay ahead—contact AYRIME for unparalleled cybersecurity solutions.
