Security Updates: Attackers could target Veritas NetBackup in a variety of ways
In current versions of the backup solution NetBackup from Veritas, the developers have closed critical gaps, among other things.
Enterprise systems could be subject to a cyberattack when backed up with Veritas NetBackup, NetBackup Appliance, Flex Appliance or Flex Scale. The developers recommend a speedy update.
The specifically threatened and protected versions of the backup solutions are listed in a warning message. Admins should study the list carefully and install the available hotfixes. If no hotfix is available, users must upgrade to a higher version. The hotfixes are available for primary servers and media servers.
Dangerous vulnerabilities
If attackers have authenticated access to the NetBackup client, they could look at two “critical“ Fix security gaps (CVE numbers not yet assigned). How attacks work in detail is currently unknown. If attacks fail, it should be possible to execute malicious code remotely.
Further vulnerabilities could enable attackers to access files without authorization or to acquire higher user rights. The gaps are marked with “high” and “medium“ classified.
critical danger
In another warning, the developers point out that attackers could target other vulnerabilities in NetBackup Client. One of them is considered “critical“. After a successful attack, the client should execute the attacker’s commands.
