CVE-2022-36955

In Veritas NetBackup, an attacker with unprivileged local access to a NetBackup Client may send specific commands to escalate their privileges. This affects 8.0 through 8.1.2, 8.2, 8.3 through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:R
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
VendorProductVersion
veritasnetbackup
8.0 ≤
𝑥
≤ 8.1.2
veritasnetbackup
8.3.0.0 ≤
𝑥
≤ 8.3.0.2
veritasnetbackup
8.2
veritasnetbackup
9.0
veritasnetbackup
9.1.0.0
𝑥
= Vulnerable software versions
References
https://www.veritas.com/content/support/en_US/security/VTS22-008#Issue2
https://www.veritas.com/content/support/en_US/security/VTS22-008#Issue2