CVE-2024-52945

HIGH

Veritas Netbackup < 10.5 - Code Injection

Title source: rule

Description

An issue was discovered in Veritas NetBackup before 10.5. This only applies to NetBackup components running on a Windows Operating System. If a user executes specific NetBackup commands or an attacker uses social engineering techniques to impel the user to execute the commands, a malicious DLL could be loaded, resulting in execution of the attacker's code in the user's security context.

References (1)

[Vendor Advisory] https://www.veritas.com/content/support/en_US/security/VTS24-012

Scores

CVSS v3 7.8

EPSS 0.0016

EPSS Percentile 36.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-94

Status published

Affected Products (1)

veritas/netbackup < 10.5

Timeline

Published Nov 18, 2024

Tracked Since Feb 18, 2026