CVE-2022-36997

7.1 HIGH

📋 TL;DR

This vulnerability in Veritas NetBackup allows authenticated attackers on NetBackup Clients to remotely read arbitrary files, perform Server-Side Request Forgery (SSRF), and cause denial of service. It affects multiple NetBackup versions from 8.1.x through 9.1.0.1. Organizations using these vulnerable versions are at risk.

💻 Affected Systems

Products:
  • Veritas NetBackup
  • Related NetBackup products
Versions: 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1
Operating Systems: All supported NetBackup platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to NetBackup Client. All default configurations are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could read sensitive system files, perform SSRF attacks against internal services, and disrupt backup operations, causing data loss or business continuity issues.

🟠 Likely Case

Authenticated attackers exploit the file read capability to access sensitive configuration or credential files, potentially leading to further system compromise.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to isolated backup infrastructure without affecting production systems.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated access to NetBackup Client. No public exploit code available at time of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply patches as specified in VTS22-004 advisory

Vendor Advisory: https://www.veritas.com/content/support/en_US/security/VTS22-004

Restart Required: Yes

Instructions:

1. Review the VTS22-004 advisory for specific patch versions.
2. Download the appropriate patches from the Veritas support portal.
3. Apply the patches following Veritas documentation.
4. Restart NetBackup services as required.

🔧 Temporary Workarounds

Network Segmentation (Platforms: all)

Restrict network access to NetBackup Clients from untrusted networks.

Access Control Hardening (Platforms: all)

Implement strict authentication and authorization controls for NetBackup Client access.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate NetBackup infrastructure
  • Enhance monitoring and logging for suspicious NetBackup Client activities

🔍 How to Verify

Check if Vulnerable:

Check NetBackup version against affected ranges: 8.1.x-8.1.2, 8.2, 8.3.x-8.3.0.2, 9.x-9.0.0.1, 9.1.x-9.1.0.1

Check Version:

On NetBackup master server: vxpbx_exchange -getversion

Verify Fix Applied:

Verify NetBackup version is updated beyond affected ranges and check patch installation logs
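An added helper (not part of this advisory card or of Veritas tooling) that compares a NetBackup version string against the affected ranges listed above. It assumes the card's "x" notation means "any component" and that an upper bound such as "8.2" is inclusive of every 8.2.* build; the range table and sample inputs are taken from this page.

```python
"""Check a NetBackup version string against the affected ranges listed
for CVE-2022-36997: 8.1.x-8.1.2, 8.2, 8.3.x-8.3.0.2, 9.x-9.0.0.1, 9.1.x-9.1.0.1."""
import re
from typing import Tuple

Version = Tuple[int, ...]

# (lower bound, upper bound) pairs copied from the advisory card. "x" in the
# card means "any component", so the lower bound is the bare prefix.
AFFECTED_RANGES = [
    ("8.1", "8.1.2"),
    ("8.2", "8.2"),
    ("8.3", "8.3.0.2"),
    ("9", "9.0.0.1"),
    ("9.1", "9.1.0.1"),
]


def parse_version(text: str) -> Version:
    """Extract the first dotted numeric version from free text (for example
    the output of a version command) and return it as a tuple of ints."""
    m = re.search(r"\d+(?:\.\d+)*", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(p) for p in m.group(0).split("."))


def in_range(v: Version, lo: str, hi: str) -> bool:
    """True if v lies within [lo, hi]. The upper bound is inclusive at the
    precision the card states: a version that only extends it with extra
    components (8.2.1 under "8.2") still counts. That reading of the card's
    notation is an assumption, not something the card states explicitly."""
    lo_t, hi_t = parse_version(lo), parse_version(hi)
    return v >= lo_t and v[: len(hi_t)] <= hi_t


def is_affected(version_text: str) -> bool:
    """Return True if the version falls in any affected range on the card."""
    v = parse_version(version_text)
    return any(in_range(v, lo, hi) for lo, hi in AFFECTED_RANGES)


if __name__ == "__main__":
    import sys
    # Constructed sample input; in practice pipe in the version command's output.
    text = sys.stdin.read() if not sys.stdin.isatty() else "NetBackup 9.1.0.1"
    print("AFFECTED" if is_affected(text) else "not in affected ranges")
```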

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns from NetBackup Clients
  • SSRF attempts in NetBackup logs
  • Authentication anomalies

Network Indicators:

  • Unexpected outbound connections from NetBackup infrastructure
  • Unusual traffic patterns to/from NetBackup Clients

SIEM Query:

source="netbackup" AND (event_type="file_access" OR event_type="authentication_failure")

🔗 References
