CVE-2024-33673: 
Veritas Backup Exec Agent vulnerability analysis and mitigation

A DLL hijacking vulnerability was discovered in Veritas Backup Exec versions before 22.2 HotFix 917391. The vulnerability allows for DLL Hijacking in the Windows DLL Search path due to improper access controls (Veritas Advisory).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access and low privileges to exploit, requires no user interaction, and can result in high impacts to confidentiality, integrity, and availability (MITRE CVE, Veritas Advisory).

If successfully exploited, the vulnerability could allow an attacker to execute arbitrary code with elevated privileges through DLL hijacking. The high CVSS score indicates severe potential impacts to system confidentiality, integrity, and availability (Veritas Advisory).

Veritas recommends either upgrading to Version 23.0 (which requires no additional HotFix) or upgrading to version 22.2 and applying HotFix 917391 from the Download Center. As a mitigation, users can ensure non-admin Windows users do not have access to create files in the DLL search path (Veritas Advisory).

The vulnerability was discovered and reported by the Lockheed Martin Red Team, demonstrating active security research involvement from major industry players (Veritas Advisory).