PT-2022-18078 · Veritas · Veritas System Recovery

Published

2022-03-09

Updated

2022-03-18

CVE-2022-26778

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Veritas System Recovery (VSR) versions 18 and 21

Description The issue allows a Windows user with sufficient privileges to access a network file system they were not authorized to access, due to the storage of a network destination password in the Windows registry during the configuration of the backup configuration.

Recommendations For Veritas System Recovery (VSR) versions 18 and 21, consider restricting access to the Windows registry to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-312

Related Identifiers

CVE-2022-26778

Affected Products

Veritas System Recovery

PT-2022-18078 · Veritas · Veritas System Recovery

CVE-2022-26778

Weakness Enumeration

Related Identifiers

Affected Products

References · 3