CVE-2017-8859 - Unspecified vulnerability in Veritas Netbackup Appliance
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root.
Vulnerable Configurations
Nessus
NASL family: CGI abuses
NASL id: VERITAS_NETBACKUP_APPLIANCE_VTS17-005.NASL
description: According to its self-reported version, the remote Veritas NetBackup Appliance is 2.7.x or 3.0.x, and may be missing a vendor-supplied security patch. It is, therefore, affected by a remote command execution vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to execute arbitrary commands with root privileges. Note that Nessus has not checked to see if an available Emergency Engineering Binary (EEB) was applied.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 100273
published: 2017-05-18
reporter: This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/100273
title: Veritas NetBackup Appliance 2.7.x / 3.0.x Remote Command Execution (VTS17-005)

NASL family: CGI abuses
NASL id: VERITAS_NETBACKUP_APPLIANCE_VTS17-005_EXPLOIT.NASL
description: The remote Veritas NetBackup Appliance is affected by a remote command execution vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted GET request, to execute arbitrary commands with root privileges. Nessus was able to exploit the vulnerability by sending a GET request to /appliancews/getLicense with the command
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 101301
published: 2017-05-22
reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/101301
title: Veritas NetBackup Appliance 2.7.x / 3.0.x Remote Command Execution (VTS17-005) (exploit)