Several Vulnerabilities in Worker machines

[james.dowse]

My Defender for Endpoint has lit up with all the vulnerabilities on the Worker VMs for Azure backup.
I've tried contacting both support and hacker1 with no success. Is there a way to update the worker template with the latest packages for all the installed software?
There are nearly 380 CVE alerts for each VBA Worker.

[Vitaliy S.]

Hi James,

What is your Veeam support case ID? We regularly perform checks for our components, so most likely, those are false positives, but I would be happy to take a look at the report you've provided to our support team.

Thanks!

[james.dowse]

Support ID 07285773

[james.dowse]

I can send a spreadsheet with all the CVE picked up.

[james.dowse]

The first one is a CVSS score of 10: CVE-2023-1523
Summary: The snap sandbox in Ubuntu allows a malicious snap to inject commands into the controlling terminal, leading to the execution of arbitrary commands outside of the snap sandbox. This vulnerability can only be exploited when snaps are run on a virtual console.
Impact: If exploited, an attacker could execute arbitrary commands outside of the confined snap sandbox, potentially leading to unauthorized access, data breaches, or system compromise.
Remediation: Upgrade to the following package versions: ubuntu-core-snapd-units - 2.58+18.04.1, ubuntu-core-launcher - 2.58+18.04.1, snap-confine - 2.58+18.04.1, ubuntu-snappy-cli - 2.58+18.04.1, golang-github-snapcore-snapd-dev - 2.58+18.04.1, snapd-xdg-open - 2.58+18.04.1, snapd - 2.58+18.04.1, golang-github-ubuntu-core-snappy-dev - 2.58+18.04.1, ubuntu-snappy - 2.58+18.04.1

[Vitaliy S.]

Hey James,

I've taken a look at the spreadsheet and do not see any CVE numbers there. Moreover, it talks about Windows OS, while our appliance and workers are on Linux... Do you possibly have a detailed report on vulnerabilities (like you posted above), with CVEs and other details, because from the spreadsheet which mentions 23 lines it is impossible to figure out what it is about? Or maybe some other document was attached to the ticket.

Thanks!

P.S. once you send this report via ticket, our support team will escalate it to the RnD team for review (already agreed about it with them).

[james.dowse]

Spreadsheet uploaded

[Vitaliy S.]

While our team is looking into that spreadsheet, I was told that we always use the latest available image for our workers. Can you please clarify if you're using static or dynamic workers in the infrastructure?

[james.dowse]

How do i tell?

[Vitaliy S.]

You can check it over here: Adding Worker Profiles

If you're on the latest version of VB and use our defaults, then you're using dynamic workers based on the latest Ubuntu image from the Marketplace.

[james.dowse]

Then we use dynamic

[Vitaliy S.]

Ok, let's see what our security team replies after reviewing the report.

[Vitaliy S.]

Also, just in case I have a full picture of your case handling > what was the case ID/response after you submitted the report in the form provided by the support team?