CVE-2023-38548 is a critical vulnerability in Veeam ONE that allows unauthorized users to obtain the NTLM hash of the account used by the Veeam ONE Reporting Service.
Understanding CVE-2023-38548
This CVE identifies a critical vulnerability in Veeam ONE that can be exploited by unprivileged users with access to the Veeam ONE Web Client.
What is CVE-2023-38548?
The vulnerability in Veeam ONE enables unauthorized users to extract the NTLM hash of the account utilized by the Veeam ONE Reporting Service, potentially compromising system security.
The Impact of CVE-2023-38548
With a CVSS base score of 9.8 (Critical), this vulnerability poses a significant threat by allowing attackers to potentially escalate privileges and access sensitive information.
Technical Details of CVE-2023-38548
This section delves into the specific technical aspects of the CVE.
Vulnerability Description
The vulnerability in Veeam ONE grants unauthorized users the ability to retrieve the NTLM hash of the account employed by the Veeam ONE Reporting Service, leading to potential security breaches.
Affected Systems and Versions
Veeam ONE version 12 is affected by this vulnerability, making systems with this version susceptible to exploitation.
Exploitation Mechanism
Unauthorized users with access to the Veeam ONE Web Client can exploit this vulnerability to acquire the NTLM hash of the account utilized by the Veeam ONE Reporting Service.
Mitigation and Prevention
The following mitigation and preventive measures address CVE-2023-38548.
Immediate Steps to Take
Immediately apply the relevant security patches, and use access controls to restrict unauthorized access to the Veeam ONE Web Client.
Long-Term Security Practices
Implement robust security protocols, conduct regular security assessments, and educate users on best practices to enhance overall system security.
Patching and Updates
Regularly update Veeam ONE to the latest version and apply security patches provided by the vendor to address known vulnerabilities.