10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
55.5%
According to its self-reported version, the remote Veritas NetBackup Appliance is 2.7.x or 3.0.x, and may be missing a vendor-supplied security patch. It is, therefore, affected by a remote command execution vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to execute arbitrary commands with root privileges.
Note that Nessus has not checked to see if an available Emergency Engineering Binary (EEB) was applied.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(100273);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/05/29");
script_cve_id("CVE-2017-8859");
script_bugtraq_id(98383);
script_xref(name:"IAVA", value:"2017-A-0152-S");
script_name(english:"Veritas NetBackup Appliance 2.7.x / 3.0.x Remote Command Execution (VTS17-005)");
script_set_attribute(attribute:"synopsis", value:
"The remote backup management appliance is affected by a remote command
execution vulnerability.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, the remote Veritas NetBackup
Appliance is 2.7.x or 3.0.x, and may be missing a vendor-supplied
security patch. It is, therefore, affected by a remote command
execution vulnerability due to improper validation of user-supplied
input. An unauthenticated, remote attacker can exploit this to execute
arbitrary commands with root privileges.
Note that Nessus has not checked to see if an available Emergency
Engineering Binary (EEB) was applied.");
script_set_attribute(attribute:"see_also", value:"https://www.veritas.com/content/support/en_US/security/VTS17-005.html");
script_set_attribute(attribute:"see_also", value:"https://www.veritas.com/support/en_US/article.000126557");
script_set_attribute(attribute:"solution", value:
"Apply the May 7th Emergency Engineering Binary (EEB) as referenced in
the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-8859");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/07");
script_set_attribute(attribute:"patch_publication_date", value:"2017/05/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/18");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:veritas:netbackup_appliance");
script_set_attribute(attribute:"stig_severity", value:"I");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2017-2023 Tenable Network Security, Inc.");
script_dependencies("veritas_netbackup_appliance_web_console_detect.nbin");
script_require_keys("installed_sw/NetBackup Appliance", "Settings/ParanoidReport");
exit(0);
}
include("vcf.inc");
include("http.inc");
port = get_http_port(default:443);
if(!port) port = 443;
app_info = vcf::get_app_info(app:"NetBackup Appliance", webapp:true, port:port);
# If the version is less than the fixed version it may still be patched.
# Hotfixes were released for 7.7.2 and 7.7.3, so only run on paranoid.
if(report_paranoia < 2)
audit(AUDIT_PARANOID);
if( app_info.version =~ "^2\.")
{
vcf::check_granularity(app_info:app_info, sig_segments:3);
}
else if (app_info.version =~ "^3\.")
{
vcf::check_granularity(app_info:app_info, sig_segments:2);
}
constraints = [
{ "min_version" : "2.7.0", "max_version" : "2.7.2", "fixed_version" : "2.7.4", "fixed_display" : "ET3916411"},
{ "equal" : "2.7.3", "fixed_version" : "2.7.4", "fixed_display" : "ET3916412"},
{ "equal" : "3.0.0", "fixed_version" : "3.0.1", "fixed_display" : "ET3916413"}
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
Vendor | Product | Version | CPE |
---|---|---|---|
veritas | netbackup_appliance | cpe:/a:veritas:netbackup_appliance |
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
55.5%