CVE-2022-36990
📋 TL;DR
This vulnerability allows an authenticated attacker on a NetBackup Client to remotely write arbitrary files to any location on any other Client via a Primary server. This affects Veritas NetBackup versions 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1. Attackers with client access can potentially compromise other systems in the backup environment.
💻 Affected Systems
- Veritas NetBackup
- NetBackup Appliance
- NetBackup Flex Appliance
- NetBackup SaaS Protection
📦 What is this software?
Flex Scale by Veritas
Netbackup by Veritas
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of all NetBackup Clients via arbitrary file writes leading to remote code execution, data destruction, or lateral movement across the backup infrastructure.
Likely Case
Data manipulation, configuration file tampering, or privilege escalation on targeted Clients leading to backup integrity compromise.
If Mitigated
Limited impact if network segmentation and strict access controls prevent attacker access to vulnerable Clients.
🎯 Exploit Status
Exploitation requires authenticated access to a NetBackup Client. The vulnerability appears to be in the file transfer mechanism between Clients via Primary servers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Apply updates: 8.1.2 Update 10, 8.3.0.2 Update 7, 9.0.0.1 Update 6, 9.1.0.1 Update 3 or later
Vendor Advisory: https://www.veritas.com/content/support/en_US/security/VTS22-004
Restart Required: Yes
Instructions:
1. Download the appropriate update from the Veritas support portal.
2. Apply the update to Primary servers first.
3. Apply the update to all Clients.
4. Restart NetBackup services.
5. Verify all components are updated.
🔧 Temporary Workarounds
Network Segmentation
Restrict network access between NetBackup Clients to prevent lateral movement
Configure firewall rules to block Client-to-Client communication except through Primary server
Access Control Hardening
Implement strict authentication and authorization controls for NetBackup access
Review and restrict NetBackup user permissions
Implement multi-factor authentication where possible
🧯 If You Can't Patch
- Isolate NetBackup infrastructure from other critical systems using network segmentation
- Implement strict monitoring and alerting for unusual file transfer activities between Clients
🔍 How to Verify
Check if Vulnerable:
Check NetBackup version using 'bpversion' command and compare against affected versions list
Check Version:
bpversion
Verify Fix Applied:
Run 'bpversion' command and verify version matches patched versions: 8.1.2.10+, 8.3.0.2.7+, 9.0.0.1.6+, 9.1.0.1.3+
📡 Detection & Monitoring
Log Indicators:
- Unusual file transfer patterns between Clients
- Authentication attempts from unexpected sources
- File modification events in system directories
Network Indicators:
- Unexpected Client-to-Client file transfers
- Abnormal volume of data transfers between backup components
SIEM Query:
source="netbackup" AND ((event_type="file_transfer" AND src_client!=dest_client) OR (authentication_failure AND user="netbackup"))