Unauthenticated File Execution Vulnerability in NetBackup Before 8.1.2 and NetBackup Appliance Before 3.1.2
CVE-2024-28222

9.8CRITICAL

Key Information:

Vendor
Veritas
Status
Netbackup Appliance
Netbackup
Vendor
CVE Published:
7 March 2024

Badges

👾 Exploit Exists

Summary

A vulnerability exists within Veritas NetBackup and NetBackup Appliance due to improper validation of file paths in the BPCD process. This flaw can be exploited by unauthenticated attackers, which allows them to upload arbitrary files and execute them, posing a significant risk to the integrity and availability of the affected systems.

References

https://www.veritas.com/content/support/en_US/security/VT...

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2024-28222 : Unauthenticated File Execution Vulnerability in NetBackup Before 8.1.2 and NetBackup Appliance Before 3.1.2 | SecurityVulnerability.io