CVE-2024-34404

6.8 MEDIUM

📋 TL;DR

This vulnerability allows NetBackup administrators to modify the expiration of Governance mode backups in Veritas NetBackup, potentially causing premature deletion of data that should be retention-locked. It affects organizations using NetBackup's Alta Recovery Vault feature with Governance mode enabled. Only NetBackup administrators can exploit this privilege escalation flaw.

💻 Affected Systems

Products:
  • Veritas NetBackup
  • Veritas NetBackup Appliance
Versions: NetBackup before 10.4, NetBackup Appliance before 5.4
Operating Systems: All supported NetBackup platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using Alta Recovery Vault with Governance mode enabled. Standard mode is not affected.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Critical backup data under Governance retention lock is prematurely deleted, causing permanent data loss and potential regulatory compliance violations.

🟠 Likely Case: Accidental or intentional modification of backup expiration dates leads to data loss before intended retention periods expire.

🟢 If Mitigated: With proper access controls and monitoring, unauthorized modifications can be detected and prevented before data loss occurs.

🌐 Internet-Facing: LOW - This vulnerability requires NetBackup administrator access and is not directly exploitable from the internet.
🏢 Internal Only: HIGH - NetBackup administrators have the access required to exploit this vulnerability, making internal threats significant.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - Requires only NetBackup administrator privileges and access to the management interface.

Exploitation requires authenticated NetBackup administrator access to the affected systems.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: NetBackup 10.4, NetBackup Appliance 5.4

Vendor Advisory: https://www.veritas.com/support/en_US/security/VTS24-004

Restart Required: Yes

Instructions:

  1. Download and install NetBackup 10.4 or NetBackup Appliance 5.4 from the Veritas support portal.
  2. Apply the update to all affected NetBackup servers and appliances.
  3. Restart NetBackup services after installation.

🔧 Temporary Workarounds

Restrict NetBackup Administrator Access

all

Limit the number of NetBackup administrators and implement strict access controls to reduce attack surface.

Enhanced Monitoring of Governance Mode Changes

all

Implement alerts for any modifications to Governance mode backup expiration settings.

🧯 If You Can't Patch

  • Implement strict role-based access control (RBAC) to limit who can modify Governance mode settings
  • Enable detailed audit logging for all backup expiration modifications and review logs regularly

🔍 How to Verify

Check if Vulnerable:

Check NetBackup version: On the NetBackup master server, run the 'bpversion' command and check whether the version is below 10.4. For appliances, check the appliance version in the web interface.

Check Version:

bpversion

Verify Fix Applied:

After patching, verify version is 10.4 or higher using 'bpversion' command. Test that NetBackup administrators can no longer modify Governance mode backup expiration.
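
The version check above, applied across a fleet. This is an added example, not a Veritas tool or a script from this page: the function names, the "host product version" inventory format, the status labels and the sample hosts are assumptions, and the version strings are assumed to be dotted numerics collected beforehand from 'bpversion' or the appliance web interface. A "below-fix" result matters only where Alta Recovery Vault with Governance mode is in use.

```shell
# Added example: flag hosts below the fixed releases named on this page.
# Inventory format (host product version) and status labels are assumptions.

# version_lt A B: succeed if dotted version A is numerically lower than B.
# Fields are compared as integers, so 9.1.0.1 sorts below 10.4.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}            # missing fields count as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1                            # equal versions are not lower
}
# nbu_status PRODUCT VERSION: print below-fix, fixed or unknown.
nbu_status() {
    case $1 in
        netbackup) fixed=10.4 ;;        # fixed release per this page
        appliance) fixed=5.4 ;;         # fixed release per this page
        *) echo unknown; return 0 ;;
    esac
    case $2 in ''|*[!0-9.]*) echo unknown; return 0 ;; esac   # non-numeric input
    if version_lt "$2" "$fixed"; then echo below-fix; else echo fixed; fi
}
# triage: read "host product version" lines on stdin, append a status.
triage() {
    while read -r host product version; do
        case $host in ''|'#'*) continue ;; esac
        echo "$host $product $version $(nbu_status "$product" "$version")"
    done
}
# Constructed sample inventory, not real hosts.
sample_inventory() {
    cat <<'EOF'
# host product version
nbu-primary-01 netbackup 10.3.0.1
nbu-primary-02 netbackup 10.4
nbu-media-07 netbackup 9.1.0.1
nbu-appl-01 appliance 5.3
nbu-appl-02 appliance 5.4.1
nbu-lab-01 netbackup unknown
EOF
}

sample_inventory | triage
```

Hosts reported as "unknown" need a manual version check before they are treated as patched.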

📡 Detection & Monitoring

Log Indicators:

  • Audit logs showing modification of Governance mode backup expiration settings
  • Unexpected changes to backup retention policies in Governance mode

Network Indicators:

  • Unauthorized API calls to modify backup expiration settings

SIEM Query:

source="netbackup" AND (event_type="policy_modification" OR event_type="retention_change") AND policy_mode="Governance"
