CVE-2024-28222

CRITICAL

Veritas Netbackup < 8.1.2 - Path Traversal

Title source: rule

Description

In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file.

Exploits (1)

inthewild

poc

https://github.com/c0d3b3af/cve-2024-28222-netbackup-rce-exploit

View on inthewild

References (1)

[Vendor Advisory] https://www.veritas.com/content/support/en_US/security/VTS23-010

Scores

CVSS v3 9.8

EPSS 0.0141

EPSS Percentile 80.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-22

Status published

Products (2)

veritas/netbackup < 8.1.2

veritas/netbackup_appliance < 3.1.2

Published Mar 07, 2024

Tracked Since Feb 18, 2026