CVE-2023-38549

2023-11-0707:15:09

CWE-79

[email protected]

web.nvd.nist.gov

veeam one

vulnerability

ntlm hash

security

nvd

cve-2023-38549

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.0%

JSON

A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. Note: The criticality of this vulnerability is reduced as it requires interaction by a user with the Veeam ONE Administrator role.

Affected configurations

NVD

Node

veeamoneMatch11.0.0.1379

veeamoneMatch11.0.1.1880

veeamoneMatch12.0.0.2498

veeamoneMatch12.0.1.2591

CPENameOperatorVersion
veeam:oneveeam oneeq11.0.0.1379
veeam:oneveeam oneeq11.0.1.1880
veeam:oneveeam oneeq12.0.0.2498
veeam:oneveeam oneeq12.0.1.2591

CPE	Name	Operator	Version
veeam:one	veeam one	eq	11.0.0.1379
veeam:one	veeam one	eq	11.0.1.1880
veeam:one	veeam one	eq	12.0.0.2498
veeam:one	veeam one	eq	12.0.1.2591

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "vendor": "Veeam",
    "product": "One",
    "versions": [
      {
        "version": "11",
        "status": "affected",
        "lessThanOrEqual": "11",
        "versionType": "semver"
      },
      {
        "version": "11a",
        "status": "affected",
        "lessThanOrEqual": "11a",
        "versionType": "semver"
      },
      {
        "version": "12",
        "status": "affected",
        "lessThanOrEqual": "12",
        "versionType": "semver"
      }
    ]
  }
]