PT-2024-8334 · Veritas · Veritas Netbackup

Published: 2024-11-04 · Updated: 2024-12-04 · CVE-2024-52945

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Veritas NetBackup versions prior to 10.5

Description

The issue is related to the failure to neutralize special elements used in an operating system command. This could allow a remote attacker to execute arbitrary code if a user loads a specially crafted DLL file. The vulnerability can be exploited if a user executes specific NetBackup commands or if an attacker uses social engineering techniques to force the user to execute these commands, resulting in the execution of the attacker's code in the user's security context.

Recommendations

For versions prior to 10.5, update to version 10.5 or later to resolve the issue. As a temporary workaround, consider restricting the execution of specific NetBackup commands and be cautious of social engineering techniques that may trick users into executing malicious commands. Additionally, avoid loading unknown or untrusted DLL files to minimize the risk of exploitation.

Fix

Code Injection

OS Command Injection

Uncontrolled Search Path Element

Weakness Enumeration

Related Identifiers

BDU:2024-09890
CVE-2024-52945

Affected Products

Veritas Netbackup