CVE-2017-8856

CRITICAL

Veritas Netbackup < 8.0 - Incorrect Permission Assignment

Title source: rule

Description

In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process.

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/98379

Vendor Advisory x_refsource_confirm

https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue1

Scores

CVSS v3 9.8

EPSS 0.0241

EPSS Percentile 85.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-732

Status published

Products (2)

veritas/netbackup < 8.0

veritas/netbackup_appliance < 3.0

Published May 09, 2017

Tracked Since Feb 18, 2026