PRUEBA AHORA

Veeam ONE Vulnerability – November 2023

Operating System Security Vulnerability

Discover Veeam ONE Installs Vulnerable to CVE-2023-38547 or CVE-2023-38548

Veeam has released an advisory regarding 4 new vulnerabilities affecting their Veeam ONE  IT monitoring and analytics platform, 2 of which are critical. The advisory includes the necessary hotfixes, and users are advised to patch their installations as soon as possible. If exploited CVE-2023-38547 could allow an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database, which could then lead to remote code execution on the SQL server hosting the Veeam ONE configuration database. CVE-2023-38548 could allow an unprivileged user with access to the Veeam ONE Web Client to obtain the NTLM hash of the account used by the Veeam ONE Reporting Service. You can find more details in our Veeam ONE Vulnerability Blog.

To help you locate any vulnerable Veeam ONE installations, the report below will provide you with an overview of all affected installs that you may still need to update. This way you have an actionable list of installs that need your intervention.

Run the Veeam ONE CVE-2023-38547 Vulnerability Audit Report Now!

veeam one vulnerability scaled 1

Veeam ONE Vulnerability Audit Lansweeper On-Prem Query

Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.IPAddress,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tsysOS.OSname As OS,
tblAssets.Version,
tblAssets.SP,
tblSoftwareUni.softwareName,
tblSoftwareUni.SoftwarePublisher,
tblSoftware.softwareVersion,
Case
When Cast(ParseName(tblSoftware.softwareVersion, 4) As int) = 12 And
Cast(ParseName(tblSoftware.softwareVersion, 2) As int) = 1 And
Cast(ParseName(tblSoftware.softwareVersion, 1) As int) = 2591 Then
'Hotfix available'
When Cast(ParseName(tblSoftware.softwareVersion, 4) As int) = 11 And
Cast(ParseName(tblSoftware.softwareVersion, 2) As int) = 1 And
Cast(ParseName(tblSoftware.softwareVersion, 1) As int) = 1880 Then
'Hotfix available'
When Cast(ParseName(tblSoftware.softwareVersion, 4) As int) = 11 And
Cast(ParseName(tblSoftware.softwareVersion, 2) As int) = 0 And
Cast(ParseName(tblSoftware.softwareVersion, 1) As int) = 1379 Then
'Hotfix available'
Else 'Hotfix not available, please update'
End As [Vulnerable/Safe],
Case
When tblErrors.ErrorText Is Not Null Or
tblErrors.ErrorText != '' Then
'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
Else ''
End As ScanningErrors,
tblAssets.Lastseen,
tblAssets.Lasttried
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Inner Join tblSoftware On tblSoftware.AssetID = tblAssets.AssetID
Inner Join dbo.tblSoftwareUni On tblSoftware.softID = tblSoftwareUni.SoftID
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID,
Max(tblErrors.Teller) As ErrorID
From tblErrors
Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID =
ScanningError.ID
Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype =
tblErrors.ErrorType
Where tblSoftwareUni.softwareName Like 'Veeam ONE%' And
(Cast(ParseName(tblSoftware.softwareVersion, 4) As int) = 11 or
Cast(ParseName(tblSoftware.softwareVersion, 4) As int) = 12) And
tblState.Statename = 'Active'
Order By tblAssets.Domain,
tblAssets.AssetName

Show

Hide