
Veeam ONE for IT monitoring contains critical vulnerabilities


Three patches should address four vulnerabilities in Veeam ONE. Veeam itself marks two of the vulnerabilities as critical.

Veeam gives two vulnerabilities in Veeam ONE close to the maximum CVSS score. Abusing one of them enables hackers to perform remote code execution; the other lets them steal NTLM hashes.

In total, however, four vulnerabilities in the IT monitoring tool are fixed. The other two are less critical, but that does not make them insignificant problems. Exploiting them only requires more privileges, up to the Power User and the Read-Only User role, and the cooperation of a Veeam employee.


The vulnerabilities were found on all currently supported Veeam ONE versions up to the most recent releases. To address the issues, it is important to install three patches.

Installation is done by turning off the Veeam ONE monitoring services, replacing the files on the disk with the files from the patch and rebooting the device.

Focus on cybersecurity

The company has recently announced the Data Platform 23H2 update. In it, the focus is on preparing for security incidents. Those who want to organize their company’s digital security properly know that installing patches is also very important.
