CVE-2022-36987

8.5 HIGH

📋 TL;DR

This vulnerability allows authenticated attackers on NetBackup Client systems to write arbitrary files to NetBackup Primary servers. This could lead to remote code execution, data manipulation, or system compromise. Affected are Veritas NetBackup versions 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1.

💻 Affected Systems

Products:
  • Veritas NetBackup
  • NetBackup Appliance
  • NetBackup Flex Appliance
Versions: 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1
Operating Systems: All supported NetBackup platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to a NetBackup Client. Related NetBackup products may also be affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full compromise of NetBackup Primary server leading to data destruction, ransomware deployment, or lateral movement to other systems in the environment.

🟠 Likely Case: Unauthorized file writes leading to data corruption, configuration changes, or privilege escalation on the backup server.

🟢 If Mitigated: Limited impact due to network segmentation, strict access controls, and monitoring preventing successful exploitation.

🌐 Internet-Facing: LOW (requires authenticated client access, typically not internet-facing)
🏢 Internal Only: HIGH (internal attackers with client credentials can exploit this vulnerability)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access to a NetBackup Client, making it accessible to internal attackers or compromised client systems.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply patches as specified in VTS22-004 advisory

Vendor Advisory: https://www.veritas.com/content/support/en_US/security/VTS22-004

Restart Required: Yes

Instructions:

1. Review VTS22-004 advisory for specific patch versions.
2. Apply appropriate patches to all affected NetBackup Primary servers.
3. Restart NetBackup services.
4. Verify patch installation.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Restrict network access between NetBackup Clients and Primary servers to only necessary ports and protocols.

Access Control Hardening (all platforms)

Implement strict authentication and authorization controls for NetBackup Client access.

🧯 If You Can't Patch

  • Implement strict network segmentation between NetBackup Clients and Primary servers
  • Enforce least privilege access controls and monitor for suspicious file write activities

🔍 How to Verify

Check if Vulnerable:

Check NetBackup version against affected ranges: 8.1.x-8.1.2, 8.2, 8.3.x-8.3.0.2, 9.x-9.0.0.1, 9.1.x-9.1.0.1

Check Version:

On NetBackup server: vxpbx_exchange -get_server_info | grep Version

Verify Fix Applied:

Verify patch installation by checking version is outside affected ranges and reviewing patch logs
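
The range check above, applied to a server inventory, as an added example (not Veritas code and not part of the original advisory). It assumes version strings are dotted integers and reads "8.1.x through 8.1.2" as every release from 8.1 up to and including 8.1.2; the hostnames and inventory are constructed.

```python
import re

# Affected ranges as listed on this page, as inclusive (first, last) pairs.
# Assumption: "N.x through M" means every release from N.0 up to M.
AFFECTED = [
    ("8.1", "8.1.2"),
    ("8.2", "8.2"),
    ("8.3", "8.3.0.2"),
    ("9.0", "9.0.0.1"),
    ("9.1", "9.1.0.1"),
]

def parse_version(text):
    """Turn '8.3.0.1' into (8, 3, 0, 1); short versions are zero-padded."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+){0,3})\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def affected_range(version):
    """Return the (first, last) range containing version, or None."""
    v = parse_version(version)
    for low, high in AFFECTED:
        if parse_version(low) <= v <= parse_version(high):
            return (low, high)
    return None

def triage(inventory):
    """Split {host: version} into affected, not listed, and needs-review."""
    result = {"affected": [], "not_listed": [], "review": []}
    for host, version in sorted(inventory.items()):
        try:
            hit = affected_range(version)
        except ValueError:
            result["review"].append(host)  # unparseable: check by hand
            continue
        result["affected" if hit else "not_listed"].append(host)
    return result

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "nbu-primary-01": "8.3.0.1",
    "nbu-primary-02": "9.1.0.1",
    "nbu-primary-03": "10.0",
    "nbu-primary-04": "unknown",
}
if __name__ == "__main__":
    print(triage(SAMPLE))
```

A host in `not_listed` is only outside the ranges this page names; releases older than 8.1 are not covered by the list, so confirm them against VTS22-004.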

📡 Detection & Monitoring

Log Indicators:

  • Unexpected file write operations from client systems
  • Unauthorized file modification attempts on Primary server

Network Indicators:

  • Unusual file transfer patterns between clients and primary servers

SIEM Query:

source="netbackup_logs" AND (event="file_write" OR event="unauthorized_access") AND dest_host="primary_server"
