Veritas NetBackup Server and Client RCE Vulnerability - 20240308005
Overview
A critical vulnerability has been discovered in Veritas NetBackup servers, clients, and appliances. Successful exploitation could allow an unauthenticated attacker to upload and execute a custom file.
What is vulnerable?
Product(s) Affected | Summary | Severity | CVSS |
---|---|---|---|
NetBackup primary server, media server, and clients – prior to 8.1.2 | CVE-2024-28222 | Critical | 9.8 |
NetBackup Appliance – prior to 3.1.2 | CVE-2024-28222 | Critical | 9.8 |
Recommendation
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe (refer to Patch Management):
- For NetBackup: If you are on a version prior to 8.1.2, upgrade to 8.3.0.2 or later. If you are currently on 8.1.2 or later, no action is required.
- For NetBackup Appliance: If you are on a version prior to 3.1.2, upgrade to version 3.3.0.2 MR2 or later. If you are currently on 3.1.2 or later, no action is required.
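The following is an added example, not part of the original advisory or any vendor tooling: it triages an asset inventory against the two version thresholds above, comparing versions numerically because a plain string comparison would wrongly rank 10.1.1 below 8.1.2. The hostnames, CSV column names and product labels are assumptions, and the inventory is constructed sample data.

```python
import csv
import io
import re

# Thresholds and upgrade targets taken from the advisory text.
RULES = {
    "netbackup": {"fixed_from": (8, 1, 2), "upgrade_to": "8.3.0.2 or later"},
    "appliance": {"fixed_from": (3, 1, 2), "upgrade_to": "3.3.0.2 MR2 or later"},
}

# Constructed sample inventory (hypothetical hosts, labels and column names).
SAMPLE_INVENTORY = """host,product,version
bkp-primary-01,netbackup,8.1.1
bkp-media-02,netbackup,8.1.2
bkp-client-17,netbackup,10.1.1
bkp-appl-01,appliance,3.1.1
bkp-appl-02,appliance,3.3.0.2 MR2
bkp-client-19,netbackup,unknown
"""

def parse_version(text):
    """Return the leading dotted-numeric part as a tuple of ints, or None."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_affected(product, version):
    """True/False per the advisory thresholds; None if it cannot be decided."""
    rule = RULES.get(product.strip().lower())
    parsed = parse_version(version)
    if rule is None or parsed is None:
        return None
    # Tuple comparison is numeric per component, so (10, 1, 1) > (8, 1, 2).
    return parsed < rule["fixed_from"]

def triage(inventory_csv):
    """Map each host in the CSV to the action the advisory calls for."""
    actions = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        affected = is_affected(row["product"], row["version"])
        if affected is None:
            actions[row["host"]] = "review manually"
        elif affected:
            target = RULES[row["product"].strip().lower()]["upgrade_to"]
            actions[row["host"]] = f"upgrade to {target}"
        else:
            actions[row["host"]] = "no action required"
    return actions

if __name__ == "__main__":
    for host, action in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {action}")
```

Hosts whose version cannot be parsed or whose product label is not recognised are flagged for manual review rather than assumed safe.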