Vulnerability DatabaseCVE-2022-36986

CVE-2022-36986:
Veritas NetBackup Client vulnerability analysis and mitigation

Overview

A critical security vulnerability (CVE-2022-36986) was discovered in Veritas NetBackup versions 8.1.x through 9.1.x, affecting NetBackup Primary servers. The vulnerability was disclosed on July 27, 2022, and allows an attacker with unauthenticated access to remotely execute arbitrary commands on a NetBackup Primary server (Veritas Advisory).

Technical details

The vulnerability is classified as High severity with a CVSS v3.1 Base Score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H). This remote code execution vulnerability requires no authentication or user interaction, making it particularly dangerous. The attack vector is network-accessible and has low attack complexity (Veritas Advisory).

Impact

If successfully exploited, this vulnerability allows attackers to execute arbitrary commands on a NetBackup Primary server without requiring authentication. This could potentially lead to complete system compromise and significant service disruption (Veritas Advisory).

Mitigation and workarounds

Veritas has released HotFixes for affected versions including NetBackup 8.1.2, 8.2, 8.3.0.1, 8.3.0.2, 9.0.0.1, and 9.1.0.1. Organizations running versions prior to 8.1.2 are advised to upgrade to a newer version and apply the appropriate NetBackup HotFix. The fix should be applied to both Primary servers and Media servers for complete protection (Veritas Advisory).

Additional resources

Source: This report was generated using AI

Related Veritas NetBackup Client vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2024-28222	CRITICAL	9.8	Veritas NetBackup Client	cpe:2.3:a:veritas:netbackup	No	Yes	Mar 07, 2024
CVE-2024-52945	HIGH	7.8	Veritas NetBackup Client	cpe:2.3:a:veritas:netbackup	No	Yes	Nov 18, 2024
CVE-2023-28759	HIGH	7.8	Veritas NetBackup Client	cpe:2.3:a:veritas:netbackup	No	Yes	Mar 23, 2023
CVE-2024-33672	HIGH	7.1	Veritas NetBackup Client	cpe:2.3:a:veritas:netbackup	No	Yes	Apr 26, 2024
CVE-2023-28758	HIGH	7.1	Veritas NetBackup Client	cpe:2.3:a:veritas:netbackup	No	Yes	Mar 23, 2023

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2022-36986: Veritas NetBackup Client vulnerability analysis and mitigation