CVE-2022-36952

EUVD-2022-39609
In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.4 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
8.4 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
Affected Products (NVD)
VendorProductVersion
veritasnetbackup
8.0 ≤
𝑥
< 8.3.0.2
veritasnetbackup
9.0
veritasnetbackup
9.1.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue6
https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue6