CVE-2004-1389

Veritas NetBackup 3.4-4.5 and 5.0-5.1 - Remote Code Execution via bpjava-susvc Process

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2004-1389. PoCs published by patrick, aushack, including Metasploit module exploits/multi/misc/veritas_netbackup_cmdexec.

AI-analyzed exploit summary This Metasploit module exploits CVE-2004-1389 in VERITAS NetBackup, allowing arbitrary command execution on an ephemeral port opened during administrator authentication. The exploit sends a crafted payload to execute commands as root or SYSTEM.

Description

Unknown vulnerability in the Veritas NetBackup Administrative Assistant interface for NetBackup BusinesServer 3.4, 3.4.1, and 4.5, DataCenter 3.4, 3.4.1, and 4.5, Enterprise Server 5.1, and NetBackup Server 5.0 and 5.1, allows attackers to execute arbitrary commands via the bpjava-susvc process, possibly related to the call-back feature.

Exploits (2)

exploitdb WORKING POC VERIFIED
by patrick · rubyremotemultiple
https://www.exploit-db.com/exploits/9941

This Metasploit module exploits CVE-2004-1389 in VERITAS NetBackup, allowing arbitrary command execution on an ephemeral port opened during administrator authentication. The exploit sends a crafted payload to execute commands as root or SYSTEM.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: VERITAS NetBackup
Auth required
Prerequisites: Administrator authentication to NetBackup · Access to the ephemeral port
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by aushack · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/veritas_netbackup_cmdexec.rb

This Metasploit module exploits a remote command execution vulnerability in Veritas NetBackup by sending a crafted payload to an ephemeral port opened during administrator authentication. It allows arbitrary command execution as root or SYSTEM.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Veritas NetBackup (versions affected by CVE-2004-1389)
Auth required
Prerequisites: Administrator authentication to Veritas NetBackup · Access to the ephemeral port opened by the service
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Patch, Vendor Advisory third-party-advisory government-resource x_refsource_ciac
http://www.ciac.org/ciac/bulletins/p-020.shtml
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17811
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/12901/
Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/685456
Patch, Vendor Advisory x_refsource_confirm
http://seer.support.veritas.com/docs/271727.htm
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/11494

Scores

EPSS 0.0986
EPSS Percentile 95.0%

Details

Status published
Products (5)
veritas/netbackup 3.4.0 (2 CPE variants)
veritas/netbackup 3.4.1 (2 CPE variants)
veritas/netbackup 4.5.0 (2 CPE variants)
veritas/netbackup 5.0
veritas/netbackup 5.1 (2 CPE variants)
Published Dec 31, 2004
Tracked Since Feb 18, 2026