Path traversal in NetBackup Appliance
| Risk | Medium |
| Patch available | NO |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2013-1608 |
| CWE-ID | CWE-22 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
NetBackup Appliance Client/Desktop applications / Multimedia software |
| Vendor | Veritas Technologies |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Path traversal
EUVDB-ID: #VU42952
Risk: Medium
CVSSv3.1: 4.4 [CVSS:3.1/AV:A/AC:L/PR:/UI:N/S:U/C:H/I:L/A:L/E:U/RL:U/RC:C]
CVE-ID: CVE-2013-1608
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in the Management Console on the Symantec NetBackup (NBU) appliance 2.0.x. A remote authenticated attacker can send a specially crafted HTTP request and remote attackers to read arbitrary files via unspecified vectors.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsNetBackup Appliance: 2.0.0
External linkshttp://www.securityfocus.com/bid/58542
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130320_00
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
