Veritas Netbackup: Privilege escalation possible on Windows
Manufacturer Veritas warns of a security vulnerability in Netbackup on Windows. Attackers can use it to escalate their privileges.
A vulnerability in Veritas Netbackup allows attackers to escalate their privileges on vulnerable systems. Installations on the Windows operating system are affected.
In a security advisory, Veritas warns that attackers with write access to the system drive on which Netbackup is installed can plant a malicious DLL there. If the user runs certain Netbackup commands, or if other users are persuaded via social engineering to run them, the malicious DLL is loaded and the attacker's code executes in that user's security context.
Veritas Netbackup vulnerability closed by update
The developers have so far only applied for a CVE number, which has not yet been assigned. The CVSS score is 7.8, which corresponds to a high risk. Netbackup Primary Server, Media Server and clients running on Windows are affected in versions 10.0, 10.0.0.1, 10.1, 10.1.1, 10.2, 10.2.0.1, 10.3, 10.3.0.1, 10.4 and 10.4.0.1. Older versions may also be vulnerable but no longer receive support, Veritas explains.
Veritas recommends installing Netbackup 10.5, or 10.4.0.1 with the corresponding hotfix, or 10.3.0.1 with the corresponding hotfix. If an update is not yet possible, there is also a temporary workaround: create a directory named "bin" in the root of the drive on which Netbackup is installed and restrict access to it to administrative users. If Netbackup is installed on the C: drive, the directory to create in this way is C:\bin.
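The workaround above, applying the placeholder directory and a restrictive ACL, as an added PowerShell example that is not part of the Veritas advisory. It assumes Netbackup is installed on C: (adjust $Drive otherwise) and that an elevated shell is used; the `Test-BinDirHardened` helper is a hypothetical name introduced here to verify the result.

```powershell
# Added example (not Veritas' own script): create <drive>:\bin as a placeholder and
# allow only SYSTEM and the local Administrators group to access it, so a
# low-privileged user cannot drop a DLL there. Assumes an elevated PowerShell session.
param([string]$Drive = 'C:')   # assumption: Netbackup lives on C:

$BinDir = Join-Path $Drive 'bin'

if (-not (Test-Path -LiteralPath $BinDir)) {
    New-Item -ItemType Directory -Path $BinDir | Out-Null
}

# Well-known SIDs, so the script does not depend on localized group names
$AllowedSids = @('S-1-5-18', 'S-1-5-32-544')   # NT AUTHORITY\SYSTEM, BUILTIN\Administrators

# Build a fresh DACL: inheritance disabled, nothing copied from the parent (the drive root
# normally grants Users create rights, which is exactly what the workaround removes)
$sec = [System.Security.AccessControl.DirectorySecurity]::new()
$sec.SetAccessRuleProtection($true, $false)
foreach ($sidString in $AllowedSids) {
    $id   = [System.Security.Principal.SecurityIdentifier]::new($sidString)
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $id, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow')
    $sec.AddAccessRule($rule)
}
Set-Acl -LiteralPath $BinDir -AclObject $sec

# Hypothetical verification helper: true only when inheritance is off and every Allow ACE
# belongs to one of the permitted SIDs. Run it periodically to detect drift.
function Test-BinDirHardened {
    param([string]$Path, [string[]]$Allowed = $AllowedSids)
    $acl = Get-Acl -LiteralPath $Path
    if (-not $acl.AreAccessRulesProtected) { return $false }
    foreach ($ace in $acl.Access) {
        $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        if ($ace.AccessControlType -eq 'Allow' -and $Allowed -notcontains $sid) { return $false }
    }
    return $true
}

if (Test-BinDirHardened -Path $BinDir) {
    Write-Output "$BinDir is restricted to SYSTEM and Administrators."
} else {
    Write-Warning "$BinDir still grants access to non-administrative principals; review its ACL."
}
```

Remove the placeholder directory again once the fixed Netbackup version or hotfix has been installed, as the advisory describes it only as a temporary measure.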
The developers had already found and closed several critical security vulnerabilities in Veritas Netbackup around the end of 2022. Back then, attackers on the network could have injected arbitrary commands.
(dmk)