New Privilege Escalation Vulnerability in Veritas NetBackup on Windows: Update Required to Mitigate Risks

Veritas has issued a security advisory addressing a significant privilege escalation vulnerability impacting its NetBackup software on Windows systems. This vulnerability, which affects NetBackup’s primary server, media server, and client components, exposes Windows-based NetBackup installations to potential privilege escalation attacks.

According to Veritas, “NetBackup primary server, media server, and clients running on Windows OS are vulnerable to an attack that could be used to escalate privileges.” The attack hinges on an attacker gaining write access to the root drive where NetBackup is installed, a situation that can allow the installation of a malicious DLL file. If a NetBackup user executes certain commands or is manipulated through social engineering tactics, the malicious DLL could be loaded, executing the attacker’s code within the user’s security context.

The vulnerability, which currently lacks a CVE assignment, has been given a CVSS score of 7.8, indicating a high level of severity. The advisory clarifies, “This only applies to NetBackup components running on a Windows Operating System,” making other OS environments safe from this particular exploit.

Veritas has outlined a broad spectrum of affected versions, including but not limited to:

• NetBackup Client, Primary Server, and Media Server Components on versions 10.4.0.1, 10.4, 10.3.0.1, 10.3, 10.2.0.1, 10.2, 10.1.1, 10.1, 10.0.0.1, and 10.0.** Older, unsupported versions may also be at risk.

To mitigate this vulnerability, Veritas has recommended two primary paths for remediation:

1. Upgrade to NetBackup Version 10.5: This new release addresses the vulnerability.
2. Apply Hotfixes for Supported Older Versions: Veritas advises upgrading to NetBackup Version 10.4.0.1 or 10.3.0.1 and applying the hotfix from Veritas’ download center to secure these installations.

For organizations that are unable to immediately upgrade, Veritas has offered an alternate mitigation method. Administrators are advised to:

• Create a directory named “bin” on the root drive where NetBackup is installed. For instance, if installed on the C: drive, a directory should be created at C:\bin.
• Restrict this directory’s access to administrative users only, preventing unauthorized write access that could enable the installation of malicious files.

Related Posts:

• CVE-2024-28222 (CVSS 9.8): Veritas NetBackup Remote Code Execution Vulnerability
• Veritas NetBackup OS Command Injection Vulnerability
• Veritas NetBackup Flex Scale Unauthenticated RCE Vulnerability
• CVE-2024-35204: Veritas System Recovery Vulnerability Puts Data at Risk
• CISA Warns of Five Newly Listed Actively Exploited Vulnerabilities