Path traversal in NetBackup Appliance - CVE-2013-1608

 


Published: March 26, 2013 / Updated: August 11, 2020


Vulnerability identifier: #VU42952
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2013-1608
CWE-ID: CWE-22
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vendor: Veritas Technologies
Affected software:
NetBackup Appliance

Detailed vulnerability description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences in the Management Console on the Symantec NetBackup (NBU) appliance 2.0.x. A remote authenticated attacker can send a specially crafted HTTP request and read arbitrary files via unspecified vectors.


How to mitigate CVE-2013-1608

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
