CVE-2022-36989

8.8 HIGH

📋 TL;DR

This vulnerability allows authenticated attackers on NetBackup Client systems to remotely execute arbitrary commands on NetBackup Primary servers. It affects multiple versions of Veritas NetBackup and related products. Attackers need valid credentials on a client system to exploit this vulnerability.

💻 Affected Systems

Products:
  • Veritas NetBackup
  • NetBackup Appliance
  • NetBackup Flex Scale
  • NetBackup CloudPoint
Versions: 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1
Operating Systems: All supported NetBackup platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Affects both Windows and Linux deployments. Related NetBackup products may also be vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of NetBackup Primary server leading to data exfiltration, ransomware deployment, or lateral movement to other enterprise systems.

🟠 Likely Case: Privilege escalation leading to backup data manipulation, credential theft, or deployment of persistence mechanisms.

🟢 If Mitigated: Limited impact due to network segmentation, strong authentication controls, and monitoring preventing successful exploitation.

🌐 Internet-Facing: LOW - Exploitation requires authenticated access to NetBackup Client systems, which are typically not internet-facing.
🏢 Internal Only: HIGH - Internal attackers with client access can compromise primary servers, potentially affecting backup integrity and availability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access to a NetBackup Client. No public exploit code available as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.1.2 Update 5, 8.3.0.2 Update 2, 9.0.0.1 Update 1, 9.1.0.1 Update 1 or later

Vendor Advisory: https://www.veritas.com/content/support/en_US/security/VTS22-004

Restart Required: Yes

Instructions:

  1. Download appropriate hotfix from Veritas Support.
  2. Apply hotfix to all affected NetBackup Primary servers.
  3. Restart NetBackup services.
  4. Verify patch installation.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Restrict network access between NetBackup Clients and Primary servers to only necessary ports and protocols.

Enhanced Authentication Controls (applies to: all)

Implement multi-factor authentication and strict access controls for NetBackup Client systems.

🧯 If You Can't Patch

  • Implement strict network segmentation between NetBackup Clients and Primary servers
  • Enforce least privilege access controls and monitor for suspicious authentication attempts

🔍 How to Verify

Check if Vulnerable:

Check the NetBackup version using the bpgetconfig command or the Admin Console, and compare it against the affected version ranges listed above.

Check Version:

bpgetconfig | grep -i version

Verify Fix Applied:

Verify that the installed hotfix version matches one of the patched versions listed in the vendor advisory.
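As an added example (not part of this advisory or of Veritas tooling), a POSIX shell helper that compares a version string against the affected ranges listed above and classifies captured bpgetconfig output. The "Version Name" field in the sample is an assumption about the output format, and the sample itself is constructed.

```shell
#!/bin/sh
# Added example (not from the advisory): shortlist NetBackup hosts whose reported base
# version falls in the CVE-2022-36989 affected ranges. The bpgetconfig output format is
# assumed and SAMPLE_OUTPUT is constructed, not real tool output.

# vercmp A B: print -1, 0 or 1 comparing dotted versions numerically, treating
# missing fields as 0 so that 8.2 equals 8.2.0.0.
vercmp() {
    printf '%s %s\n' "$1" "$2" | awk '{
        split($1, x, "."); split($2, y, ".")
        for (i = 1; i <= 4; i++) {
            if (x[i] + 0 < y[i] + 0) { print "-1"; exit }
            if (x[i] + 0 > y[i] + 0) { print "1"; exit }
        }
        print "0"
    }'
}

# is_affected VERSION: succeed if VERSION lies in one of the advisory's ranges
# (8.1.x-8.1.2, 8.2, 8.3.x-8.3.0.2, 9.x-9.0.0.1, 9.1.x-9.1.0.1).
is_affected() {
    while read -r lo hi; do
        [ "$(vercmp "$lo" "$1")" -le 0 ] && [ "$(vercmp "$1" "$hi")" -le 0 ] && return 0
    done <<EOF
8.1.0 8.1.2
8.2 8.2
8.3.0 8.3.0.2
9.0.0 9.0.0.1
9.1.0 9.1.0.1
EOF
    return 1
}

# extract_version: from captured bpgetconfig text on stdin, print the first dotted
# version on a line mentioning "Version" (the field name is an assumption).
extract_version() {
    grep -i 'version' | grep -o '[0-9][0-9]*\.[0-9][0-9]*\(\.[0-9][0-9]*\)*' | head -n 1
}

# classify OUTPUT: print "affected <ver>", "not-in-range <ver>" or "unknown". In-range
# means "check the hotfix level": the fixes (e.g. 8.1.2 Update 5) keep the same base version.
classify() {
    ver=$(printf '%s\n' "$1" | extract_version)
    [ -n "$ver" ] || { echo "unknown"; return 2; }
    if is_affected "$ver"; then echo "affected $ver"; else echo "not-in-range $ver"; fi
}

SAMPLE_OUTPUT='Version Name = 8.1.2'   # constructed; stands in for: bpgetconfig | grep -i version
classify "$SAMPLE_OUTPUT"
```

A host reported as affected is a candidate, not a confirmed vulnerable system: the hotfixes under Official Fix do not change the base version this compares, so the installed hotfix level still has to be checked against the vendor advisory.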

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution patterns on Primary servers
  • Authentication anomalies from Client systems
  • Unexpected process creation on Primary servers

Network Indicators:

  • Anomalous network traffic between Clients and Primary servers
  • Unexpected remote command execution patterns

SIEM Query:

source="netbackup" AND (event_type="command_execution" OR process_name="cmd.exe" OR process_name="bash") AND dest_host="primary_server"
