Veritas has provided a patch for this issue as of version 10.1. This vulnerability can be exploited by an attacker who can spoof the pbx_exchange registration packet.
An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_work during registration and cause a NULL pointer exception, effectively crashing the pbx_work process.
High impact Veritas products affected
The following products are affected:
* Veritas NetBackup (All Versions)
* Veritas Backup Exec (All Versions)
* Veritas NetBackup Unix Server (All Versions)
* Veritas Replication Manager for Windows Servers
CVE-2021-42305
This is a denial-of-service issue that can be exploited by an attacker who can spoof the pbx_exchange registration packet.
These vulnerabilities are tracked as CVE-2021-42305 and CVE-2022-42306.
How to Detect Veritas NetBackup Through 8.2 and Related Veritas Products
Ensure that the following versions of software are installed on all systems in your environment:
* Veritas NetBackup through 8.2 and related Veritas products
* VMware vCenter Server 5.5 Update 2 and later
* VMware vCenter Server 6.0 Update 1 and later
Veritas will provide a patch for this issue as of version 10.1.
Timeline
Published on: 10/03/2022 15:15:00 UTC
Last modified on: 10/04/2022 21:06:00 UTC