Veeam One Multiple Vulnerabilities - CVE-2023-38547 | CVE-2023-38548 CVE-2023-38549 | CVE-2023-41723


Userlevel 7
Badge +11

A bunch of new vulnerabilities was discovered on Veeam One against the SQL Server connection:

 

You can see all of these on the new Veeam KB4508.

 

Don't hesitate and update your Veeam One environment right now.


15 comments

Userlevel 7
Badge +20

Saw this in the Vanguard slack channel.  Need to check with Support to ensure it will not mess up other patches I have installed for various fixes.  Thanks for sharing.

Userlevel 7
Badge +11

Saw this in the Vanguard slack channel.  Need to check with Support to ensure it will not mess up other patches I have installed for various fixes.  Thanks for sharing.

I can see that 3 hotfixes are available.

If you have any new information with support, just let us know!

Userlevel 7
Badge +20

Saw this in the Vanguard slack channel.  Need to check with Support to ensure it will not mess up other patches I have installed for various fixes.  Thanks for sharing.

I can see that 3 hotfixes are available.

If you have any new information with support, just let us know!

Yes, for different versions of VONE.  I am checking on the v12 patch with my current deployment and hotfixes.  Will update here if needed.

Userlevel 7
Badge +7

@wolff.mateus thanks for sharing.

@Chris.Childerhose the KB4508 is included different versions, waiting for your update if you have new information.

Userlevel 7
Badge +12

Waiting for Chris answer doesn‘t make much sense.
Each environment may have other privat hotfixes. The answer Chris will get is specific for his environment and not yours :)

 

If you know about private hotfixes in your VeeamOne server, then please open your own support case to check if the new patch interferes with it.

 

Best,

Fabian

Userlevel 7
Badge +7

@Mildur Agree.
Everyone should install Hotfix ASAP. I still encourage everyone to share his experiences in the community because vulnerabilities is not easy to find. That's why everyone joins this community help others and yourself 😄

Userlevel 7
Badge +7

Backup MSSQL

Snapshot VM

Get-WmiObject-ClassWin32_Product |where {$_.Name -like"Veeam ONE*"}|selectName,Version

Download the hotfix package that matches the installed Veeam ONE build number.

Stop the following services on the Veeam ONE server:

  • Veeam ONE Monitoring Service
  • Veeam ONE Reporting Service

Replace the existing files with the files provided in the hotfix.
Note: The contents of the hotfix zip match the folder structure of the Veeam ONE Reporter Server folder. The hotfix files must be placed in the folders that match the folder within the hotfix zip.

  • DLLs in the root of the hotfix zip go in: C:\Program Files\Veeam\Veeam ONE\Veeam ONE Reporter Server\
  • rename DLL

 

  • This file is only in the hotfix for 12.0.1.2591, as it is related to the vulnerability that only affects Veeam ONE version 12.
  • Files in the Collecting folder within the hotfix go in: C:\Program Files\Veeam\Veeam ONE\Veeam ONE Reporter Server\Collecting\
  • Veeam.Retriever.exe
  • Veeam.Reporter.GrpcShared.dll
    This file is only in the hotfix for 12.0.1.2591, as it is related to the vulnerability that only affects Veeam ONE version 12.
  • iles in the Reporting folder within the hotfix go in: C:\Program Files\Veeam\Veeam ONE\Veeam ONE Reporter Server\Reporting\
  • Veeam.Reporter.Reporting.exe
  • Veeam.Reporter.GrpcShared.dll
  • This file is only in the hotfix for 12.0.1.2591, as it is related to the vulnerability that only affects Veeam ONE version 12.

Start the services stopped in Step 3.

after patching everything works as expected

Userlevel 7
Badge +20

Waiting for Chris answer doesn‘t make much sense.
Each environment may have other privat hotfixes. The answer Chris will get is specific for his environment and not yours :)

 

If you know about private hotfixes in your VeeamOne server, then please open your own support case to check if the new patch interferes with it.

 

Best,

Fabian

Yes while the patch does not affect my hotfixes everyone needs to check with support on their own hotfixes.

Userlevel 7
Badge +20

Just so everyone is aware I applied the hotfix for the CVE stuff which does not affect my other hotfixes implemented but having issues now.

Might need to roll it back but working with my case via support.  Warning messages during data collection task now that point to the CVE hotfix -

11/7/2023 1:00:04 PM [warning]: servername: Method not found: 'System.String Veeam.Reporter.GrpcService.GrpcServices.GrpcAuthInterceptor.get_CurrentAccessJwt()'.

Be careful when applying the fix and watch your collections for this warning.

Userlevel 7
Badge +7

Just so everyone is aware I applied the hotfix for the CVE stuff which does not affect my other hotfixes implemented but having issues now.

Might need to roll it back but working with my case via support.  Warning messages during data collection task now that point to the CVE hotfix -

11/7/2023 1:00:04 PM [warning]: servername: Method not found: 'System.String Veeam.Reporter.GrpcService.GrpcServices.GrpcAuthInterceptor.get_CurrentAccessJwt()'.

Be careful when applying the fix and watch your collections for this warning.

List of my updates on the:

v. 01.11.1880

11/8/2023 3:20:39 AM [warning]: Failed to assign vSphere Tags. See logs for more details.

 

 

on version 11.0.01379

I found this failure warning 

8/11/2023 02:00:02 [warning]: veeam-xxx: Failed to get data collection status - Do I need to open a support request?

8/11/2023 02:00:02 [info]: veeam-xxx: Finished collecting Veeam Backup & Replication data

8/11/2023 02:00:02 [info]: veeam-xxx: Data collection completed

 

on version 12.01.2591

11/7/2023 11:33:25 AM [warning]: Failed to assign vSphere Tags. See logs for more details.

Userlevel 7
Badge +9

Backup MSSQL

Snapshot VM

Get-WmiObject-ClassWin32_Product |where {$_.Name -like"Veeam ONE*"}|selectName,Version

Download the hotfix package that matches the installed Veeam ONE build number.

Stop the following services on the Veeam ONE server:

  • Veeam ONE Monitoring Service
  • Veeam ONE Reporting Service

Replace the existing files with the files provided in the hotfix.
Note: The contents of the hotfix zip match the folder structure of the Veeam ONE Reporter Server folder. The hotfix files must be placed in the folders that match the folder within the hotfix zip.

  • DLLs in the root of the hotfix zip go in: C:\Program Files\Veeam\Veeam ONE\Veeam ONE Reporter Server\
  • rename DLL

 

  • This file is only in the hotfix for 12.0.1.2591, as it is related to the vulnerability that only affects Veeam ONE version 12.
  • Files in the Collecting folder within the hotfix go in: C:\Program Files\Veeam\Veeam ONE\Veeam ONE Reporter Server\Collecting\
  • Veeam.Retriever.exe
  • Veeam.Reporter.GrpcShared.dll
    This file is only in the hotfix for 12.0.1.2591, as it is related to the vulnerability that only affects Veeam ONE version 12.
  • iles in the Reporting folder within the hotfix go in: C:\Program Files\Veeam\Veeam ONE\Veeam ONE Reporter Server\Reporting\
  • Veeam.Reporter.Reporting.exe
  • Veeam.Reporter.GrpcShared.dll
  • This file is only in the hotfix for 12.0.1.2591, as it is related to the vulnerability that only affects Veeam ONE version 12.

Start the services stopped in Step 3.

after patching everything works as expected

Great post, why didn’t you create a new blogpost out of this?

Userlevel 7
Badge +7

 

Great post, why didn’t you create a new blogpost out of this?

Because they have already made a guide in cyber security @Michael Melter 😂

Userlevel 7
Badge +9

 

Great post, why didn’t you create a new blogpost out of this?

Because they have already made a guide in cyber security @Michael Melter 😂

I saw that afterwards! That was an excellent piece  ... 

I assume this only applies to the server and not to the any workstations running the Veeam One Client only.

Windows Defender detected the Veeam One Client installed on my workstation so I am wondering if I should uninstall it?

Userlevel 7
Badge +20

I assume this only applies to the server and not to the any workstations running the Veeam One Client only.

Windows Defender detected the Veeam One Client installed on my workstation so I am wondering if I should uninstall it?

Yes this is the server side patch.

Comment