
Vulnerability Scanner Detection Related to CVE-2023-38545

KB ID: 4523
Product: Veeam Backup & Replication
Veeam Agent for Microsoft Windows
Veeam Agent for Linux
Veeam Cloud Connect
Published: 2023-12-12
Last Modified: 2023-12-12

Purpose

This Veeam KB article was created to address customers' concerns about the detection of libcurl by their security software on machines where the Veeam Transport Service is installed. Libcurl is a component of VMware VDDK (Virtual Disk Development Kit), which Veeam Backup & Replication redistributes to be able to protect VMware vSphere environments. Veeam Backup & Replication includes VDDK with the Veeam Transport Service package, which is deployed on managed machines for data movement purposes. A single Veeam Transport package is used for all situations where any portion of the Veeam Transport Services capabilities would be needed. Therefore, any server with the Veeam Transport Service installed will have VDDK libraries, regardless of whether the machine is part of a VMware vSphere backup infrastructure.
In October of 2023, a vulnerability (CVE-2023-38545) involving curl and libcurl was made public. Full details regarding this vulnerability can be found in the articles listed below.
The crucial takeaway is that this vulnerability involves curl/libcurl and the SOCKS5 proxy handshake process. Therefore, because Veeam Backup & Replication does not use the SOCKS5 protocol for communication between its components nor with any external services, Veeam Backup & Replication is not impacted by this vulnerability.

Impact Statement

Veeam Backup & Replication is not vulnerable to CVE-2023-38545 because Veeam Backup & Replication does not use the SOCKS5 protocol.

False Positive Alerts

Vulnerability detection software may issue false positive alerts based merely on the fact that the libcurl library file is present on a machine where the Veeam Transport Service has been deployed. Below is a list of component roles where Veeam Backup & Replication deploys the Veeam Transport Service for data movement purposes, meaning that the libcurl file contained in the VDDK libraries will also be found on servers holding these roles:

False Positive Alert Mitigation

Mitigation Explanation

Mitigation involves the removal of VDDK, which contains the libcurl library, from machines where it is not needed. It is crucial that VDDK not be removed from any machine with a role that requires the capability to communicate with the VMware vSphere environment. 

Roles where VDDK must not be removed as it would impact the ability to communicate with the VMware vSphere environment:

  • Veeam Backup Server
  • VMware Backup Proxy
  • Guest Interaction Proxy
  • CDP Proxy

Please note that the presence of VDDK on any other Veeam components or on protected machines that do not carry the above roles does not represent even a theoretical threat because VDDK is never used or called from the Veeam code on those machines.

VDDK Library Must Remain on VMware Backup Proxies

Do not remove the VDDK libraries from VMware Backup Proxies. Removing the VDDK libraries from a VMware Backup Proxy will cause operations that attempt to use that proxy to communicate with VMware vSphere to fail with the error documented in KB2678.

Veeam Transport Redeployment

If the Veeam Transport package is reinstalled, either manually or as a result of an upgrade, the VDDK libraries will be reinstalled and will have to be removed again.

Implementation of Mitigation

If you have any questions or concerns, please do not hesitate to create a Veeam Support case.

 

For each machine that your security software has alerted to the presence of the libcurl library:

  1. Review whether the machine is a part of the VMware vSphere backup infrastructure.
    Reference the list of roles within the Mitigation Explanation section above.
  2. If the machine does not carry one of those roles, use the commands below to remove the VDDK libraries that contain the libcurl library.

Linux Machines

To remove the VDDK libraries on a Linux machine, use the following command:

sudo rm -rf /opt/veeam/transport/vddk*
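
A guarded form of the Linux removal above, added here as an example and not taken from Veeam's tooling: it refuses when the role is one of the four listed under Mitigation Explanation, records the libcurl files it finds, and deletes only with --apply. The function names, the operator-declared role argument (the role is not auto-detected) and the dry-run default are assumptions of this example.

```shell
#!/bin/sh
# Added example: guarded wrapper around the KB's Linux removal command.
# Roles from the KB where VDDK must stay in place.
PROTECTED_ROLES="Veeam Backup Server
VMware Backup Proxy
Guest Interaction Proxy
CDP Proxy"

# True if the operator-declared role (assumption: not auto-detected) is protected.
is_protected_role() {
    printf '%s\n' "$PROTECTED_ROLES" | grep -Fxiq -- "$1"
}

# Print VDDK directories under a transport root (default: the KB's path).
list_vddk_dirs() {
    for d in "${1:-/opt/veeam/transport}"/vddk*; do
        if [ -e "$d" ]; then printf '%s\n' "$d"; fi
    done
}

# Print libcurl files inside those directories, for the scanner-finding record.
list_libcurl_files() {
    list_vddk_dirs "$1" | while IFS= read -r d; do
        find "$d" -type f -name 'libcurl*'
    done
}

# remove_vddk ROLE [ROOT] [--apply]: dry run unless --apply is given.
remove_vddk() {
    role=$1; root=${2:-/opt/veeam/transport}; mode=${3:-dry-run}
    if [ -z "$role" ]; then echo "usage: remove_vddk ROLE [ROOT] [--apply]" >&2; return 64; fi
    if is_protected_role "$role"; then
        echo "refusing: role '$role' needs VDDK to reach vSphere" >&2
        return 2
    fi
    list_libcurl_files "$root" | sed 's/^/libcurl found: /'
    list_vddk_dirs "$root" | while IFS= read -r d; do
        if [ "$mode" = "--apply" ]; then
            rm -rf -- "$d" && echo "removed $d"
        else
            echo "would remove $d"
        fi
    done
}

# Run only when called with arguments, e.g.:
#   sudo sh vddk_cleanup.sh "<role of this machine>" /opt/veeam/transport --apply
if [ "$#" -gt 0 ]; then remove_vddk "$@"; fi
```

Because a Veeam Transport reinstall or upgrade puts the VDDK libraries back, the dry run can be repeated after each upgrade to see whether they have returned.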

Windows Machines

To remove the VDDK libraries from a Windows machine, use the following commands:

Remove-Item -Recurse -Force "C:\Program Files (x86)\Veeam\Backup Transport\x64\vddk*"
Remove-Item -Recurse -Force "C:\Program Files (x86)\Veeam\Backup Transport\x64\vix"
Remove-Item -Recurse -Force "C:\Program Files (x86)\Veeam\Backup Transport\x86\vix"

More Information

Veeam plans to update to VDDK versions that include a non-vulnerable version of libcurl once those versions are made available by the VDDK supplier (VMware).