CVE-2017-6399

moderate-risk

Published 2017-03-02

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.

Do I need to act?

0.47% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

LOCAL / LOW complexity

Affected Products (3)

Access

Netbackup

Netbackup Appliance

Affected Vendors

Veritas

References (4)

http://www.securityfocus.com/bid/96490

Vendor Advisory https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue4

http://www.securityfocus.com/bid/96490

Vendor Advisory https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue4

/ 100

moderate-risk

Severity 27/34 · High

Exploitability 2/34 · Minimal

Exposure 9/34 · Low