PT-2023-8784 · Veritas · Veritas NetBackup Snapshot Manager

Published: 2023-08-11 · Updated: 2023-08-18 · CVE-2023-40256

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Veritas NetBackup Snapshot Manager versions prior to 10.2.0.1

Description: Veritas NetBackup Snapshot Manager does not correctly verify the authenticity of a certificate. A remote attacker can exploit this to interact with the RabbitMQ service. The root cause is a misconfiguration of the RabbitMQ service that results in improper validation of the client certificate. Exploitation affects the confidentiality and integrity of the messages that control backup and restore jobs and could make the service unavailable. The vulnerability affects only the jobs that control backup and restore activities; it does not allow access to, or deletion of, the backup snapshot data itself.

Recommendations: For versions prior to 10.2.0.1, update to version 10.2.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the RabbitMQ service to minimize the risk of exploitation. Avoid using misconfigured client certificates in the affected RabbitMQ service until the issue is resolved.

Fix

Weakness Enumeration: Improper Certificate Validation

Related Identifiers

BDU:2024-01902
CVE-2023-40256

Affected Products

Veritas NetBackup Snapshot Manager