Veritas NetBackup Critical Vulnerability – CVE-2024-28222

A critical vulnerability has been uncovered in Veritas NetBackup, the widely used enterprise backup solution. This flaw could allow unauthenticated hackers to remotely execute malicious code on NetBackup servers and clients.

The vulnerability, tracked as CVE-2024-28222 with a CVSS score of 9.8, was discovered in the NetBackup BPCD process. It stems from inadequate validation of file paths, which allows an unauthenticated attacker to upload a custom file and have it executed.
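
The flaw class described above, insufficient validation of a client-supplied file path, is worth seeing in code. The following is an added illustration written for this article, not NetBackup's code and not a reproduction of the BPCD defect: a naive path join that lets a client name walk outside the intended directory, next to a hardened resolver that canonicalises and confines the result. The directory `/tmp/nbu_demo_root` and the function names are constructed for the example.

```python
import os
from pathlib import Path

# Hypothetical staging directory for an upload-style service (constructed for
# this example; not a NetBackup path).
UPLOAD_ROOT = Path("/tmp/nbu_demo_root")


def naive_upload_path(root: Path, client_name: str) -> Path:
    """The flawed pattern: trust the client-supplied name and join it onto
    the root. '..' segments walk out of `root`, and an absolute name makes
    os.path.join discard `root` entirely."""
    return Path(os.path.join(str(root), client_name))


def resolve_upload_path(root: Path, client_name: str) -> Path:
    """Hardened version: map `client_name` onto a file strictly inside `root`.

    Rejects empty names, embedded NUL bytes and absolute paths up front, then
    canonicalises both sides with resolve() so '..' segments and symlinks are
    accounted for, and finally requires `root` to be an ancestor of the
    result. Comparing Path objects via `parents` avoids the classic string
    prefix bug where '/srv/root_evil' passes a startswith('/srv/root') test.
    """
    if not client_name or "\x00" in client_name:
        raise ValueError("empty or NUL-containing file name")
    candidate = Path(client_name)
    if candidate.is_absolute():
        raise ValueError("absolute paths are not accepted")

    root_resolved = root.resolve()
    target = (root_resolved / candidate).resolve()
    if root_resolved not in target.parents:
        raise ValueError(f"path escapes upload root: {client_name!r}")
    return target


def is_confined(root: Path, client_name: str) -> bool:
    """Convenience wrapper: True if the hardened resolver accepts the name."""
    try:
        resolve_upload_path(root, client_name)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for name in ("backup-2024.img", "sub/../backup.img", "../../etc/passwd",
                 "/etc/passwd", "../nbu_demo_root_evil/x"):
        print(f"{name!r:32} naive={naive_upload_path(UPLOAD_ROOT, name)} "
              f"confined={is_confined(UPLOAD_ROOT, name)}")
```

The check is on the canonical path, not the raw string: the sibling-directory case `../nbu_demo_root_evil/x` resolves to `/tmp/nbu_demo_root_evil/x`, which a prefix test on the string would wrongly accept but the ancestor test rejects.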

If your organization relies on NetBackup for data protection and you are running a version before 8.1.2 (NetBackup) or 3.1.2 (NetBackup Appliance), your systems are at risk. Attackers could potentially:

  • Steal sensitive data: Access your most critical backups.
  • Deploy ransomware: Encrypt backups and cripple your recovery efforts.
  • Take over systems: Gain a foothold within your network to launch wider attacks.

The best defense is immediate action:

  • Upgrade ASAP: If you haven’t already, upgrade all vulnerable NetBackup instances to version 8.3.0.2 or later (NetBackup), or 3.3.0.2 MR2 or later (NetBackup Appliance).
  • Assess Your Risk: Review your entire IT landscape for potential exposure and take additional protective measures as needed.
  • Stay Vigilant: Monitor security alerts from Veritas and patch any future vulnerabilities promptly.
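
To support the "Assess Your Risk" step, here is an added triage helper (written for this article, not a Veritas tool) that encodes the fixed releases quoted in the upgrade bullet, 8.3.0.2 for NetBackup and 3.3.0.2 MR2 for the NetBackup Appliance, and flags inventory entries below them. The inventory rows are constructed sample data; the version strings are assumed to come from whatever your asset inventory already records for each host.

```python
import re

# Fixed versions as stated in the article's upgrade guidance. The appliance
# value "3.3.0.2 MR2" is modelled as a fifth field holding the MR level, and
# a version with no MR suffix carries MR level 0.
FIXED_VERSIONS = {
    "netbackup": (8, 3, 0, 2, 0),
    "appliance": (3, 3, 0, 2, 2),
}

_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+){0,3})\s*(?:MR\s*(\d+))?\s*$",
                         re.IGNORECASE)


def parse_version(text: str) -> tuple:
    """Turn '8.3.0.2', '10.1' or '3.3.0.2 MR2' into a comparable 5-tuple."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    fields = [int(p) for p in m.group(1).split(".")]
    fields += [0] * (4 - len(fields))          # pad '10.1' to (10, 1, 0, 0)
    return tuple(fields) + (int(m.group(2) or 0),)


def is_patched(product: str, version: str) -> bool:
    """True if `version` is at or above the fixed release for `product`."""
    return parse_version(version) >= FIXED_VERSIONS[product]


def hosts_needing_upgrade(inventory):
    """Return (host, product, version) for each entry below the fixed release."""
    return [(h, p, v) for h, p, v in inventory if not is_patched(p, v)]


# Constructed inventory rows (hostname, product, version) for demonstration.
SAMPLE_INVENTORY = [
    ("nbu-master-01", "netbackup", "8.1.2"),
    ("nbu-media-02", "netbackup", "8.3.0.2"),
    ("nbu-media-03", "netbackup", "10.1"),
    ("nbu-appl-01", "appliance", "3.3.0.2"),
    ("nbu-appl-02", "appliance", "3.3.0.2 MR2"),
]

if __name__ == "__main__":
    for host, product, version in hosts_needing_upgrade(SAMPLE_INVENTORY):
        print(f"UPGRADE {host}: {product} {version} is below "
              f"{FIXED_VERSIONS[product]}")
```

Note that an appliance reporting plain `3.3.0.2` is still flagged, because the article's guidance requires maintenance release MR2 or later on that line.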

NetBackup often safeguards an organization’s most valuable asset: its data. A breach could have devastating consequences, from financial loss to reputational damage. Don’t underestimate the seriousness of this vulnerability or the ruthlessness of those who seek to exploit it.
