CVE-2023-38549

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Nov 7, 2023
Updated: Nov 14, 2023
CWE ID 79

Summary

CVE-2023-38549 is a vulnerability affecting Veeam ONE that allows unprivileged users with access to the Veeam ONE Web Client to obtain the NTLM hash of the account used by the Veeam ONE Reporting Service. This issue poses a potential security risk, as NTLM hashes can be used in various attacks, such as pass-the-hash or pass-the-ticket attacks. However, the criticality of this vulnerability is mitigated by the requirement for an unprivileged user to interact with the Veeam ONE Administrator role before exploitation can occur. It is essential to apply the available patch to mitigate this issue and secure the Veeam ONE environment.
