Veeam ONE Vulnerability – November 2023
Discover Veeam ONE Installs Vulnerable to CVE-2023-38547 or CVE-2023-38548
Veeam has released an advisory regarding 4 new vulnerabilities affecting their Veeam ONE IT monitoring and analytics platform, 2 of which are critical. The advisory includes the necessary hotfixes, and users are advised to patch their installations as soon as possible. If exploited, CVE-2023-38547 could allow an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database, which could then lead to remote code execution on the SQL server hosting the Veeam ONE configuration database. CVE-2023-38548 could allow an unprivileged user with access to the Veeam ONE Web Client to obtain the NTLM hash of the account used by the Veeam ONE Reporting Service. You can find more details in our Veeam ONE Vulnerability Blog.
To help you locate any vulnerable Veeam ONE installations, the report below will provide you with an overview of all affected installs that you may still need to update. This way you have an actionable list of installs that need your intervention.
Veeam ONE Vulnerability Audit Lansweeper On-Prem Query
Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tblAssets.Username,
  tblAssets.Userdomain,
  Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
  tblAssets.IPAddress,
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tsysOS.OSname As OS,
  tblAssets.Version,
  tblAssets.SP,
  tblSoftwareUni.softwareName,
  tblSoftwareUni.SoftwarePublisher,
  tblSoftware.softwareVersion,
  -- ParseName counts version parts from the right:
  -- 4 = first part, 2 = third part, 1 = last part.
  Case
    When Cast(ParseName(tblSoftware.softwareVersion, 4) As int) = 12 And
      Cast(ParseName(tblSoftware.softwareVersion, 2) As int) = 1 And
      Cast(ParseName(tblSoftware.softwareVersion, 1) As int) = 2591
    Then 'Hotfix available'
    When Cast(ParseName(tblSoftware.softwareVersion, 4) As int) = 11 And
      Cast(ParseName(tblSoftware.softwareVersion, 2) As int) = 1 And
      Cast(ParseName(tblSoftware.softwareVersion, 1) As int) = 1880
    Then 'Hotfix available'
    When Cast(ParseName(tblSoftware.softwareVersion, 4) As int) = 11 And
      Cast(ParseName(tblSoftware.softwareVersion, 2) As int) = 0 And
      Cast(ParseName(tblSoftware.softwareVersion, 1) As int) = 1379
    Then 'Hotfix available'
    Else 'Hotfix not available, please update'
  End As [Vulnerable/Safe],
  Case
    When tblErrors.ErrorText Is Not Null Or tblErrors.ErrorText != ''
    Then 'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
    Else ''
  End As ScanningErrors,
  tblAssets.Lastseen,
  tblAssets.Lasttried
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tsysIPLocations On tsysIPLocations.LocationID = tblAssets.LocationID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  Inner Join tblSoftware On tblSoftware.AssetID = tblAssets.AssetID
  Inner Join dbo.tblSoftwareUni On tblSoftware.softID = tblSoftwareUni.SoftID
  Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
  -- Most recent scanning error per asset
  Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID,
      Max(tblErrors.Teller) As ErrorID
    From tblErrors
    Group By tblErrors.AssetID) As ScanningError
    On tblAssets.AssetID = ScanningError.ID
  Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
  Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype = tblErrors.ErrorType
Where tblSoftwareUni.softwareName Like 'Veeam ONE%' And
  (Cast(ParseName(tblSoftware.softwareVersion, 4) As int) = 11 Or
    Cast(ParseName(tblSoftware.softwareVersion, 4) As int) = 12) And
  tblState.Statename = 'Active'
Order By tblAssets.Domain,
  tblAssets.AssetName