CVE-2017-6408
HIGHVeritas NetBackup < 8.0 and NetBackup Appliance < 3.0 - Local Privilege Escalation via pbx_exchange Race Condition
Title source: llmDescription
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue8
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037950
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/96491
Scores
CVSS v3
7.0
EPSS
0.0022
EPSS Percentile
12.6%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-362
Status
published
Products (2)
veritas/netbackup
< 8.0
veritas/netbackup_appliance
< 3.0
Published
Mar 02, 2017
Tracked Since
Feb 18, 2026