CVE-2022-36954

9.9 CRITICAL

📋 TL;DR

In Veritas NetBackup OpsCenter, an authenticated remote attacker can create or modify user accounts under specific conditions. This vulnerability affects OpsCenter versions 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and version 10.

💻 Affected Systems

Products:
  • Veritas NetBackup OpsCenter
Versions: 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to OpsCenter web interface or API

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could create administrative accounts, gain full control of the OpsCenter system, and potentially compromise the entire NetBackup environment.

🟠 Likely Case

Attackers with existing authenticated access could escalate privileges, create backdoor accounts, or modify existing user permissions.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to the OpsCenter component only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access; the specific conditions are not publicly detailed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.3.0.3, 9.0.0.2, 9.1.0.2, and 10.0.0.1

Vendor Advisory: https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue1

Restart Required: Yes

Instructions:

1. Download the appropriate patch from the Veritas support portal.
2. Apply the patch following Veritas documentation.
3. Restart OpsCenter services.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict access to OpsCenter web interface and API to trusted networks only

Access Control

all

Implement strict authentication and authorization controls for OpsCenter access

🧯 If You Can't Patch

  • Isolate OpsCenter systems from untrusted networks
  • Implement multi-factor authentication and monitor for suspicious account creation

🔍 How to Verify

Check if Vulnerable:

Check OpsCenter version via web interface or command line

Check Version:

On OpsCenter server: cat /etc/version or check web interface

Verify Fix Applied:

Verify version is updated to patched version and test user account creation/modification
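The version check above can be scripted across an inventory. The following is an added example, not Veritas code: it classifies a version string against the affected ranges and patch versions listed on this page, comparing within each release line so that 9.1.0.1 is not mistaken for patched because it sorts above 9.0.0.2. It assumes dotted numeric version strings and treats any build at or above its line's patch version as patched; the host names and inventory are constructed.

```python
import re

# First fixed build per release line, from the "Patch Version" field on this page.
FIXED_IN = {
    (8,): (8, 3, 0, 3),
    (9, 0): (9, 0, 0, 2),
    (9, 1): (9, 1, 0, 2),
    (10, 0): (10, 0, 0, 1),
}

def parse_version(text):
    """Turn '9.1.0.1' or '10' into a 4-tuple, padding missing parts with 0."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,3}", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def classify(text):
    """Return 'vulnerable', 'patched' or 'unlisted' for one version string."""
    version = parse_version(text)
    for prefix, fixed in FIXED_IN.items():
        if version[:len(prefix)] == prefix:
            # Compare inside the release line only (assumption: builds at or
            # above the line's patch version are patched).
            return "vulnerable" if version < fixed else "patched"
    return "unlisted"  # release line not named on this page; check the advisory

def needs_attention(inventory):
    """Map host -> status for every host that is not confirmed patched."""
    result = {}
    for host, raw in inventory.items():
        try:
            status = classify(raw)
        except ValueError:
            status = "unparseable"
        if status != "patched":
            result[host] = status
    return result

# Constructed inventory: hypothetical host names and reported versions.
SAMPLE = {"ops-a": "9.1.0.1", "ops-b": "9.0.0.2", "ops-c": "10",
          "ops-d": "8.3.0.3", "ops-e": "unknown"}

if __name__ == "__main__":
    for host, status in needs_attention(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as unlisted or unparseable need a manual check against the vendor advisory rather than being assumed safe.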

📡 Detection & Monitoring

Log Indicators:

  • Unexpected user account creation/modification events in OpsCenter logs
  • Authentication attempts from unusual sources

Network Indicators:

  • Unusual API calls to user management endpoints
  • Traffic to OpsCenter from unauthorized sources

SIEM Query:

source="opscenter" AND (event="user_create" OR event="user_modify")
