Arbitrary File Deletion Vulnerability in Veritas NetBackup Before 10.4
CVE-2024-33672

7.1HIGH

Key Information:

Vendor: Veritas
Status: Netbackup
Vendor: CVE Published:; 26 April 2024

What is CVE-2024-33672?

An arbitrary file deletion vulnerability exists in Veritas NetBackup prior to version 10.4. The vulnerability is rooted in the Multi-Threaded Agent, which can be exploited to remove protected files without proper authorization. This poses a serious risk to data integrity and availability, making it crucial for users of affected versions to implement mitigation strategies, including applying the latest patches from the vendor.

References

https://www.veritas.com/support/en_US/security/VTS24-001

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 26, 2024
Vulnerability Reserved
Apr 26, 2024