CVE-2023-37237

EUVD-2023-41157
In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH.
| Provider | Type | Base Score | Attack Vector | Attack Complexity | Privileges Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 6.5 MEDIUM | NETWORK | LOW | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
| mitre | CNA | 6.5 MEDIUM | NETWORK | LOW | HIGH | CVSS:3.1/AC:L/AV:N/A:H/C:N/I:H/PR:H/S:U/UI:N |
EPSS Score
Percentile: 28%
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| veritas | netbackup_appliance | 𝑥 < 4.1.0.1 |
| veritas | netbackup_appliance | 4.1.0.1:maintenance_release1 |
| veritas | netbackup_appliance | 4.1.0.1:maintenance_release2 |

𝑥 = Vulnerable software versions