CVE-2022-36955

EUVD-2022-39612
In Veritas NetBackup, an attacker with unprivileged local access to a NetBackup Client may send specific commands to escalate their privileges. This affects 8.0 through 8.1.2, 8.2, 8.3 through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:R
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
Affected Products (NVD)
VendorProductVersion
veritasnetbackup
8.0 ≤
𝑥
≤ 8.1.2
veritasnetbackup
8.3.0.0 ≤
𝑥
≤ 8.3.0.2
veritasnetbackup
8.2
veritasnetbackup
9.0
veritasnetbackup
9.1.0.0
𝑥
= Vulnerable software versions
References
https://www.veritas.com/content/support/en_US/security/VTS22-008#Issue2
https://www.veritas.com/content/support/en_US/security/VTS22-008#Issue2