CVE-2017-8857

Published: May 9, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process.

Affected (2)

Products: Veritas: Netbackup, Netbackup Appliance

Veritas

2 products

Netbackup

Netbackup Appliance

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Veritas Netbackup	Up to 8.0
Veritas Netbackup Appliance	Up to 3.0

Related CWEs

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (4)

http://www.securityfocus.com/bid/98384

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue2

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/98384

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue2

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.