PT-2017-18586 · Veritas · Veritas Netbackup Appliance+1

Publicado

2017-05-09

Atualizado

2019-10-03

CVE-2017-8856

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Veritas NetBackup versions 8.0 and earlier Veritas NetBackup Appliance versions 3.0 and earlier

Description The issue allows for unauthenticated, arbitrary remote command execution. This is achieved through the 'bprd' process.

Recommendations For Veritas NetBackup versions 8.0 and earlier, consider disabling the 'bprd' process as a temporary workaround until a patch is available. For Veritas NetBackup Appliance versions 3.0 and earlier, restrict access to the 'bprd' process to minimize the risk of exploitation.

Correção

Incorrect Permission

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-732

Identificadores relacionados

CVE-2017-8856

Produtos afetados

Veritas Netbackup

Veritas Netbackup Appliance

PT-2017-18586 · Veritas · Veritas Netbackup Appliance+1

CVE-2017-8856

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4