DLL Hijacking Vulnerability in Veritas Backup Exec Before 22.2 HotFix 917391
CVE-2024-33673

7.8HIGH

Key Information:

Vendor: Veritas
Status: Backup Exec
Vendor: CVE Published:; 26 April 2024

What is CVE-2024-33673?

An improper access control vulnerability has been identified in Veritas Backup Exec prior to version 22.2 HotFix 917391. This flaw allows an attacker to exploit DLL Hijacking by manipulating the Windows DLL Search path, potentially leading to unauthorized access to sensitive components within the software environment. This can compromise the integrity and availability of the affected systems, emphasizing the need for prompt updates and security measures to mitigate such vulnerabilities.

References

https://www.veritas.com/support/en_US/security/VTS24-002#H2

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 26, 2024
Vulnerability Reserved
Apr 26, 2024