Agentless, cloud-native backup for Microsoft Azure
Post Reply
james.dowse
Novice
Posts: 7
Liked: 1 time
Joined: Jun 05, 2024 8:12 am
Full Name: James Dowse
Contact:

Several Vulnerabilities in Worker machines

Post by james.dowse »

My Defender for Endpoint has lit up with all the vulnerabilities on the Worker VMs for Azure backup.
I've tried contacting both support and hacker1 with no success. Is there a way to update the worker template with the latest packages for all the installed software?
There are nearly 380 CVE alerts for each VBA Worker.
Vitaliy S.
VP, Product Management
Posts: 27237
Liked: 2750 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Several Vulnerabilities in Worker machines

Post by Vitaliy S. »

Hi James,

What is your Veeam support case ID? We regularly perform checks for our components, so most likely, those are false positives, but I would be happy to take a look at the report you've provided to our support team.

Thanks!
james.dowse
Novice
Posts: 7
Liked: 1 time
Joined: Jun 05, 2024 8:12 am
Full Name: James Dowse
Contact:

Re: Several Vulnerabilities in Worker machines

Post by james.dowse »

Support ID 07285773
james.dowse
Novice
Posts: 7
Liked: 1 time
Joined: Jun 05, 2024 8:12 am
Full Name: James Dowse
Contact:

Re: Several Vulnerabilities in Worker machines

Post by james.dowse »

I can send a spreadsheet with all the CVE picked up.
james.dowse
Novice
Posts: 7
Liked: 1 time
Joined: Jun 05, 2024 8:12 am
Full Name: James Dowse
Contact:

Re: Several Vulnerabilities in Worker machines

Post by james.dowse »

The first one is a CVSS score of 10: CVE-2023-1523
Summary: The snap sandbox in Ubuntu allows a malicious snap to inject commands into the controlling terminal, leading to the execution of arbitrary commands outside of the snap sandbox. This vulnerability can only be exploited when snaps are run on a virtual console.
Impact: If exploited, an attacker could execute arbitrary commands outside of the confined snap sandbox, potentially leading to unauthorized access, data breaches, or system compromise.
Remediation: Upgrade to the following package versions: ubuntu-core-snapd-units - 2.58+18.04.1, ubuntu-core-launcher - 2.58+18.04.1, snap-confine - 2.58+18.04.1, ubuntu-snappy-cli - 2.58+18.04.1, golang-github-snapcore-snapd-dev - 2.58+18.04.1, snapd-xdg-open - 2.58+18.04.1, snapd - 2.58+18.04.1, golang-github-ubuntu-core-snappy-dev - 2.58+18.04.1, ubuntu-snappy - 2.58+18.04.1
Vitaliy S.
VP, Product Management
Posts: 27237
Liked: 2750 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Several Vulnerabilities in Worker machines

Post by Vitaliy S. »

Hey James,

I've taken a look at the spreadsheet and do not see any CVE numbers there. Moreover, it talks about Windows OS, while our appliance and workers are on Linux... Do you possibly have a detailed report on vulnerabilities (like you posted above), with CVEs and other details, because from the spreadsheet which mentions 23 lines it is impossible to figure out what it is about? Or maybe some other document was attached to the ticket.

Thanks!

P.S. once you send this report via ticket, our support team will escalate it to the RnD team for review (already agreed about it with them).
james.dowse
Novice
Posts: 7
Liked: 1 time
Joined: Jun 05, 2024 8:12 am
Full Name: James Dowse
Contact:

Re: Several Vulnerabilities in Worker machines

Post by james.dowse » 1 person likes this post

Spreadsheet uploaded
Vitaliy S.
VP, Product Management
Posts: 27237
Liked: 2750 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Several Vulnerabilities in Worker machines

Post by Vitaliy S. »

While our team is looking into that spreadsheet, I was told that we always use the latest available image for our workers. Can you please clarify if you're using static or dynamic workers in the infrastructure?
james.dowse
Novice
Posts: 7
Liked: 1 time
Joined: Jun 05, 2024 8:12 am
Full Name: James Dowse
Contact:

Re: Several Vulnerabilities in Worker machines

Post by james.dowse »

How do i tell?
Vitaliy S.
VP, Product Management
Posts: 27237
Liked: 2750 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Several Vulnerabilities in Worker machines

Post by Vitaliy S. »

You can check it over here: Adding Worker Profiles

If you're on the latest version of VB and use our defaults, then you're using dynamic workers based on the latest Ubuntu image from the Marketplace.
james.dowse
Novice
Posts: 7
Liked: 1 time
Joined: Jun 05, 2024 8:12 am
Full Name: James Dowse
Contact:

Re: Several Vulnerabilities in Worker machines

Post by james.dowse »

Then we use dynamic
Vitaliy S.
VP, Product Management
Posts: 27237
Liked: 2750 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Several Vulnerabilities in Worker machines

Post by Vitaliy S. »

Ok, let's see what our security team replies after reviewing the report.
Vitaliy S.
VP, Product Management
Posts: 27237
Liked: 2750 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Several Vulnerabilities in Worker machines

Post by Vitaliy S. »

Also, just in case I have a full picture of your case handling > what was the case ID/response after you submitted the report in the form provided by the support team?
Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests