CVE-2022-36951

9.8 CRITICAL

📋 TL;DR

CVE-2022-36951 is an unauthenticated remote code execution vulnerability in Veritas NetBackup OpsCenter. It exists because a previous vulnerability was patched incorrectly, and it allows attackers to compromise the host. This affects organizations running vulnerable versions of NetBackup OpsCenter, particularly those with internet-facing instances.

💻 Affected Systems

Products:
  • Veritas NetBackup OpsCenter
Versions: 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10
Operating Systems: All supported platforms for NetBackup OpsCenter
Default Config Vulnerable: ⚠️ Yes
Notes: All installations within affected version ranges are vulnerable. The vulnerability results from incomplete patching of a previous security issue.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise, allowing an attacker to execute arbitrary code with the highest privileges, potentially leading to data theft, ransomware deployment, or lateral movement across the network.

🟠 Likely Case

Remote code execution leading to installation of backdoors, credential harvesting, or deployment of malware on the affected NetBackup OpsCenter server.

🟢 If Mitigated

Limited impact due to network segmentation, proper access controls, and monitoring that detects exploitation attempts before successful compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Given the high CVSS score and unauthenticated nature, exploitation tools are likely to be developed or already exist in attacker toolkits.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.3.0.3, 9.0.0.2, 9.1.0.2, and 10.0.0.1

Vendor Advisory: https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue2

Restart Required: Yes

Instructions:

1. Download the appropriate patch from Veritas support portal.
2. Apply the patch following Veritas documentation.
3. Restart the NetBackup OpsCenter service.
4. Verify the patch was successfully applied.

🔧 Temporary Workarounds

Network Segmentation
Platform: all

Restrict network access to NetBackup OpsCenter to only trusted management networks

Firewall Rules
Platform: all

Implement strict firewall rules to block external access to NetBackup OpsCenter ports

🧯 If You Can't Patch

  • Immediately isolate the NetBackup OpsCenter server from internet access
  • Implement strict network segmentation and monitor for any suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check the NetBackup OpsCenter version against the affected versions list. If the version falls within the affected ranges, the system is vulnerable.

Check Version:

Check the version through the NetBackup OpsCenter web interface, or consult Veritas documentation for version checking commands.

Verify Fix Applied:

Verify NetBackup OpsCenter version is updated to patched versions: 8.3.0.3, 9.0.0.2, 9.1.0.2, or 10.0.0.1
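
The version check described above can be scripted across an inventory. The following is an added example, not code from Veritas or from the original page: it classifies a version string against the affected and patched versions listed here, per release line, because a single "newer than X" comparison would wrongly pass 9.1.0.0. It assumes "10" means the 10.0 line, and the hostnames and versions in the inventory are constructed.

```python
import re

# First fixed release per release line, from the patch versions listed above.
# Assumption: "10" in the affected list means the 10.0 line (fixed in 10.0.0.1).
FIXED_BY_LINE = [
    ((8,), (8, 3, 0, 3)),      # 8.x through 8.3.0.2 affected
    ((9, 0), (9, 0, 0, 2)),    # 9.x through 9.0.0.1 affected
    ((9, 1), (9, 1, 0, 2)),    # 9.1.x through 9.1.0.1 affected
    ((10, 0), (10, 0, 0, 1)),  # 10 affected
]

def parse_version(text):
    """Turn '9.1.0.1' into (9, 1, 0, 1); missing components count as 0."""
    match = re.fullmatch(r"\s*(\d+(?:\.\d+){0,3})\s*", text)
    if match is None:
        raise ValueError(f"unrecognized version string: {text!r}")
    parts = [int(p) for p in match.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def classify(text):
    """Return 'affected', 'patched', or 'unknown' (release line not on the page)."""
    version = parse_version(text)
    for line, fixed in FIXED_BY_LINE:
        if version[:len(line)] == line:
            return "affected" if version < fixed else "patched"
    return "unknown"

def audit(inventory):
    """Map each host to its status; unparseable versions are flagged for review."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = "unparseable"
    return report

# Constructed inventory: hostnames and versions are sample values.
SAMPLE_INVENTORY = {
    "opscenter-a.example": "8.3.0.2",
    "opscenter-b.example": "9.0.0.2",
    "opscenter-c.example": "9.1.0.0",   # newer than 9.0.0.2 yet still affected
    "opscenter-d.example": "10.0.0.1",
    "opscenter-e.example": "v10-beta",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" or "unparseable" need a manual check against the vendor advisory rather than being treated as safe.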

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation events
  • Suspicious network connections from OpsCenter server
  • Authentication bypass attempts in logs

Network Indicators:

  • Unexpected outbound connections from OpsCenter server
  • Traffic patterns indicating exploitation attempts

SIEM Query:

Example: source="netbackup-opscenter" AND (event_type="process_creation" OR event_type="network_connection") AND severity=HIGH
