CVE-2023-38548

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Nov 7, 2023
Updated: Nov 14, 2023

Summary

CVE-2023-38548 is a newly disclosed vulnerability affecting Veeam ONE. It allows an unprivileged user with access to the Veeam ONE Web Client to obtain the NTLM hash of the account used by the Veeam ONE Reporting Service. This is a security risk because NTLM hashes can be used in attacks such as pass-the-hash or pass-the-ticket to gain unauthorized access to systems or services. Exploitation does not require elevated privileges, and the impact extends beyond the targeted system, making it a significant concern for organizations using Veeam ONE.
