Three patches address four vulnerabilities in Veeam ONE. Veeam itself marks two of the vulnerabilities as critical.
Two of the vulnerabilities in Veeam ONE score close to the maximum on the CVSS scale. Exploiting one allows hackers to perform remote code execution; exploiting the other allows them to steal NTLM hashes.
In total, however, the patches resolve four vulnerabilities in the IT monitoring tool. The other two are less critical, but not unimportant. Exploiting them requires elevated privileges, up to the Power User role and the Read-Only User role, and the cooperation of a Veeam employee.
Solution
The vulnerabilities were found on all currently supported Veeam ONE versions, up to the most recent releases. To address the problems it is important to install three patches.
The installation is done by disabling the Veeam ONE monitoring services, replacing the files on the disk with the files from the patch and restarting the device.
Focus on cybersecurity
The company recently announced the Data Platform 23H2 update. The focus is on preparing for security incidents. Anyone who wants to properly organize the digital security of their company knows that installing patches is also very important.