CVE-2023-37237

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Jun 29, 2023

Updated: Jul 7, 2023

CWE ID 732

Summary

CVE-2023-37237 is a vulnerability affecting the Veritas NetBackup Appliance before version 4.1.0.1 MR3. This issue permits authenticated Admin users to bypass shell restrictions and execute arbitrary operating system commands via SSH, due to insecure permissions. This vulnerability poses a significant risk, as an attacker could potentially gain unauthorized access and control over the system, leading to data theft or unauthorized modification. It is recommended that users of affected versions upgrade to a patched version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Veritas Netbackup Appliance

Affected Vendors

Veritas

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r0AO5e
https://www.cve.org/CVERecord?id=CVE-2023-37237
https://nvd.nist.gov/vuln/detail/CVE-2023-37237

Back to Vulnerability Database