PT-2017-3514 · Veritas · Veritas Netbackup Appliance+1

Published: 2017-02-28 · Updated: 2019-10-03 · CVE-2017-6406

CVSS v3.1: 8.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Veritas NetBackup versions prior to 7.7.2
Veritas NetBackup Appliance versions prior to 2.7.2

Description

The issue allows for arbitrary privileged command execution using whitelist directory escape with "../" substrings. It is related to insufficient restriction of permitted user command execution. An attacker can exploit this to execute arbitrary privileged commands.

Recommendations

For Veritas NetBackup versions prior to 7.7.2, update to version 7.7.2 or later. For Veritas NetBackup Appliance versions prior to 2.7.2, update to version 2.7.2 or later.
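
The weakness class named in the description, as an added example (not Veritas code and not part of the advisory): a prefix-only allowlist check beside one that canonicalizes the requested command path before testing containment. The directory `/opt/example/allowed-bin`, the function names and the sample requests are hypothetical and constructed for illustration.

```python
import os

# Hypothetical allowlisted directory; the product's real paths are not on the page.
ALLOWED_DIR = "/opt/example/allowed-bin"


def naive_is_allowed(command_path: str) -> bool:
    """Flawed check: compares the raw string prefix only, so a path that
    starts inside the allowlisted directory and then climbs out with "../"
    segments is still accepted."""
    return command_path.startswith(ALLOWED_DIR + "/")


def strict_is_allowed(command_path: str, allowed_dir: str = ALLOWED_DIR) -> bool:
    """Hardened check: resolve "..", "." and symlinks first, then require the
    result to sit strictly below the allowlisted directory."""
    if "\x00" in command_path or not os.path.isabs(command_path):
        return False
    base = os.path.realpath(allowed_dir)
    resolved = os.path.realpath(command_path)
    return resolved != base and os.path.commonpath([base, resolved]) == base


def audit(requests):
    """Return (path, naive_verdict, strict_verdict) for each requested path.
    A row where the verdicts differ marks input the naive check lets through."""
    return [(p, naive_is_allowed(p), strict_is_allowed(p)) for p in requests]


# Constructed sample requests (not taken from any real log).
SAMPLE_REQUESTS = [
    "/opt/example/allowed-bin/report",
    "/opt/example/allowed-bin/./sub/../report",
    "/opt/example/allowed-bin/../../../../bin/sh",
    "/opt/example/allowed-bin-other/report",
    "report",
]

if __name__ == "__main__":
    for path, naive, strict in audit(SAMPLE_REQUESTS):
        flag = "  <-- escapes allowlist" if naive and not strict else ""
        print(f"naive={naive!s:5} strict={strict!s:5} {path}{flag}")
```

The same comparison is useful in log review: any request the prefix check accepts but the canonicalized check rejects is worth investigating on systems not yet updated.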

Fix


Weakness Enumeration

Related Identifiers

BDU:2018-00374
CVE-2017-6406

Affected Products

Veritas Netbackup
Veritas Netbackup Appliance