PT-2024-9411 · Veritas · Veritas Netbackup
Published: 2024-11-04 · Updated: 2025-01-09 · CVE-2024-54664
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Veritas NetBackup versions prior to 10.5
Description:
The issue is an uncontrolled search path element in Veritas NetBackup that can be exploited to elevate privileges and execute arbitrary commands by loading malicious DLLs. It applies only to NetBackup components running on a Windows operating system. If a user executes specific NetBackup commands, or an attacker uses social engineering to get the user to execute them, a malicious DLL could be loaded, resulting in execution of the attacker's code in the user's security context.
Recommendations:
For versions prior to 10.5, consider disabling the execution of the specific NetBackup commands that could lead to the loading of malicious DLLs until a patch is available. Restrict access to NetBackup components running on Windows operating systems to minimize the risk of exploitation. Be alert to social engineering that could lead users to execute commands that load malicious DLLs. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
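To support the access-restriction recommendation, the following added example (not from this advisory or from Veritas) is a PowerShell audit that lists directories on the Windows DLL search path where a non-administrative principal can create files. The trusted-SID list and the `-ExtraDirectory` parameter are assumptions; the advisory does not say which directories the affected commands search.

```powershell
# Added example (not vendor code): report search-path directories in which
# a principal outside the trusted set is allowed to create files.
param(
    # Extra directories to check, e.g. the NetBackup install folders on this
    # host (caller-supplied; no default path is assumed).
    [string[]]$ExtraDirectory = @()
)

# SIDs treated as trusted writers (assumption; adjust to local policy).
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

$fsRights = [System.Security.AccessControl.FileSystemRights]
$sidType  = [System.Security.Principal.SecurityIdentifier]
# CreateFiles (same bit as WriteData), plus raw GENERIC_WRITE and GENERIC_ALL.
$writeMask = [int]$fsRights::CreateFiles -bor 0x40000000 -bor 0x10000000

$dirs = @($env:PATH -split ';') + $ExtraDirectory |
    Where-Object { $_ } | ForEach-Object { $_.Trim('"') } | Sort-Object -Unique

foreach ($dir in $dirs) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        # A missing entry can be created by anyone able to write to its parent.
        [pscustomobject]@{ Directory = $dir; Principal = '(directory missing)'; Rights = '' }
        continue
    }
    $acl = Get-Acl -LiteralPath $dir
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        # Inherit-only entries apply to children, not to this directory.
        if ($rule.PropagationFlags -band
            [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
        if ($trustedSids -contains $rule.IdentityReference.Value) { continue }
        if (([int]$rule.FileSystemRights -band $writeMask) -eq 0) { continue }
        try {
            $name = $rule.IdentityReference.Translate(
                [System.Security.Principal.NTAccount]).Value
        } catch {
            $name = $rule.IdentityReference.Value   # unresolvable SID
        }
        [pscustomobject]@{ Directory = $dir; Principal = $name; Rights = $rule.FileSystemRights }
    }
}
```

Any row in the output is a directory whose ACL should be tightened or which should be removed from `PATH`; an empty result means only the trusted principals can create files in the directories checked.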
XSS
Uncontrolled Search Path Element
Affected Products
Veritas Netbackup