CVE-2022-36949

9.3 CRITICAL

📋 TL;DR

CVE-2022-36949 is a local privilege escalation vulnerability in Veritas NetBackup OpsCenter. An attacker with local access to an OpsCenter server could potentially gain elevated privileges. This affects NetBackup OpsCenter versions 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and version 10.

💻 Affected Systems

Products:
  • Veritas NetBackup OpsCenter
Versions: 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and version 10
Operating Systems: All supported platforms for NetBackup OpsCenter
Default Config Vulnerable: ⚠️ Yes
Notes: Requires local access to the OpsCenter server. The vulnerability exists in the default installation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with local access could gain administrative privileges on the OpsCenter server, potentially compromising the entire NetBackup environment and accessing sensitive backup data.

🟠 Likely Case

Malicious insiders, or attackers who have gained an initial foothold, could escalate privileges to execute arbitrary commands, modify configurations, or access backup data.

🟢 If Mitigated

With proper access controls and network segmentation, impact is limited to the OpsCenter server itself rather than the entire backup infrastructure.

🌐 Internet-Facing: LOW - This requires local access to the OpsCenter server, which should not be directly internet-facing.
🏢 Internal Only: HIGH - Internal attackers or compromised accounts with local access can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the OpsCenter server. No public exploit code has been released.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.3.0.3, 9.0.0.2, 9.1.0.2, or later versions

Vendor Advisory: https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue5

Restart Required: Yes

Instructions:

1. Download the appropriate patch from Veritas Support.
2. Stop NetBackup OpsCenter services.
3. Apply the patch according to Veritas documentation.
4. Restart OpsCenter services.
5. Verify the patch was applied successfully.

🔧 Temporary Workarounds

Restrict Local Access

all

Limit local access to OpsCenter servers to authorized administrators only

Implement Least Privilege

all

Ensure users and service accounts have only necessary privileges on OpsCenter servers

🧯 If You Can't Patch

  • Implement strict access controls to limit who can log into OpsCenter servers
  • Monitor OpsCenter servers for suspicious local activity and privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check the NetBackup OpsCenter version via the OpsCenter web interface or by examining the installed software version.

Check Version:

  • On Windows: check Programs and Features.
  • On Linux: rpm -qa | grep -i opscenter, or dpkg -l | grep -i opscenter

Verify Fix Applied:

Verify the installed version is 8.3.0.3, 9.0.0.2, 9.1.0.2 or later
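
The version check above can be scripted across many servers. The following is an added example, not vendor or page code: it classifies a version string against the affected ranges and fixed releases listed on this page. The function names and the "unknown" result are assumptions of the example; the page lists no fixed release for version 10, so only 10 itself is reported as vulnerable and other branches are left for the vendor advisory.

```python
import re

# First fixed release per affected branch, as listed on this page.
# Keys are branch prefixes. Version 10 has no fixed release on the page.
FIRST_FIXED = {
    (8,): (8, 3, 0, 3),
    (9, 0): (9, 0, 0, 2),
    (9, 1): (9, 1, 0, 2),
}


def parse_version(text):
    """Extract the first dotted version (up to 4 parts) and pad it to 4 ints."""
    match = re.search(r"\d+(?:\.\d+){0,3}", text)
    if not match:
        raise ValueError(f"no version found in {text!r}")
    parts = [int(p) for p in match.group(0).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def classify(text):
    """Return 'vulnerable', 'fixed' or 'unknown' for an OpsCenter version."""
    version = parse_version(text)
    for prefix, fixed in FIRST_FIXED.items():
        if version[:len(prefix)] == prefix:
            # "Or later" is applied within the same branch only, because
            # version 10 is later than 9.1.0.2 and is still listed as affected.
            return "fixed" if version >= fixed else "vulnerable"
    if version == (10, 0, 0, 0):
        return "vulnerable"  # the page lists "version 10" as affected
    return "unknown"  # branch not covered by the page; check the advisory


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real inventory.
    for sample in ["8.1.2", "8.3.0.3", "9.0.0.1", "9.1.0.2", "10", "10.0.0.1"]:
        print(f"{sample:10} {classify(sample)}")
```
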

📡 Detection & Monitoring

Log Indicators:

  • Unusual privilege escalation attempts
  • Suspicious local user activity on OpsCenter servers
  • Unexpected service account privilege changes

Network Indicators:

  • Unusual authentication patterns to OpsCenter servers
  • Anomalous administrative access patterns

SIEM Query:

source="opscenter*" AND (event_type="privilege_escalation" OR (user="*" AND action="elevate*"))
