CVE-2023-38549

2023-11-0707:15:09

CWE-79

hackerone

web.nvd.nist.gov

veeam one

vulnerability

ntlm hash

security

nvd

cve-2023-38549

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.6

Confidence

High

EPSS

Percentile

14.0%

JSON

A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. Note: The criticality of this vulnerability is reduced as it requires interaction by a user with the Veeam ONE Administrator role.

Affected configurations

Nvd

Node

veeamoneMatch11.0.0.1379

veeamoneMatch11.0.1.1880

veeamoneMatch12.0.0.2498

veeamoneMatch12.0.1.2591

VendorProductVersionCPE
veeamone11.0.0.1379cpe:2.3:a:veeam:one:11.0.0.1379:*:*:*:*:*:*:*
veeamone11.0.1.1880cpe:2.3:a:veeam:one:11.0.1.1880:*:*:*:*:*:*:*
veeamone12.0.0.2498cpe:2.3:a:veeam:one:12.0.0.2498:*:*:*:*:*:*:*
veeamone12.0.1.2591cpe:2.3:a:veeam:one:12.0.1.2591:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
veeam	one	11.0.0.1379	cpe:2.3:a:veeam:one:11.0.0.1379:::::::*
veeam	one	11.0.1.1880	cpe:2.3:a:veeam:one:11.0.1.1880:::::::*
veeam	one	12.0.0.2498	cpe:2.3:a:veeam:one:12.0.0.2498:::::::*
veeam	one	12.0.1.2591	cpe:2.3:a:veeam:one:12.0.1.2591:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "vendor": "Veeam",
    "product": "One",
    "versions": [
      {
        "version": "11",
        "status": "affected",
        "lessThanOrEqual": "11",
        "versionType": "semver"
      },
      {
        "version": "11a",
        "status": "affected",
        "lessThanOrEqual": "11a",
        "versionType": "semver"
      },
      {
        "version": "12",
        "status": "affected",
        "lessThanOrEqual": "12",
        "versionType": "semver"
      }
    ]
  }
]