CVE-2023-37237

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-37237
In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH.

7.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.veritas.com/content/support/en_US/security/VTS23-004 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:h:veritas:netbackup_appliance:*:*:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*
History

No history.

Information

Published : 2023-06-29 02:15

Updated : 2023-07-07 16:00

NVD link : CVE-2023-37237

Mitre link : CVE-2023-37237

CVE.ORG link : CVE-2023-37237

JSON object : View

Products Affected

veritas

  • netbackup_appliance
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource