CVE-2023-38548

2023-11-0707:15:08

[email protected]

web.nvd.nist.gov

veeam one

vulnerability

ntlm hash

security

unprivileged user

nvd

cve-2023-38548

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

9.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service.

Affected configurations

NVD

Node

veeamoneMatch12.0.0.2498

veeamoneMatch12.0.1.2591

CPENameOperatorVersion
veeam:oneveeam oneeq12.0.0.2498
veeam:oneveeam oneeq12.0.1.2591

CPE	Name	Operator	Version
veeam:one	veeam one	eq	12.0.0.2498
veeam:one	veeam one	eq	12.0.1.2591

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "vendor": "Veeam",
    "product": "One",
    "versions": [
      {
        "version": "12",
        "status": "affected",
        "lessThanOrEqual": "12",
        "versionType": "semver"
      }
    ]
  }
]