Allele Security Alert
ASA-2018-00004
Identifier(s)
ASA-2018-00004, CVE-2018-18652, VTS18-003
Title
Remote command execution vulnerability in Veritas NetBackup Appliance allows authenticated administrators to execute arbitrary commands as root
Vendor(s)
Veritas
Product(s)
Veritas NetBackup Appliance
Affected version(s)
Veritas NetBackup Appliance 3.1.1 and earlier
Fixed version(s)
NetBackup Appliance 3.1.2
Description
A remote command execution vulnerability in Veritas NetBackup Appliance allows authenticated administrators to execute arbitrary commands as root. The issue is caused by insufficient filtering of user-provided input.
Technical details
Unknown
Reference(s)
VTS18-003: Remote command execution vulnerability in NetBackup Appliance
https://www.veritas.com/content/support/en_US/security/VTS18-003.html
CVE-2018-18652
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18652
CVE-2018-18652
https://nvd.nist.gov/vuln/detail/CVE-2018-18652
If there is any error in this alert, or if you would like a comprehensive analysis, let us know.
Last modified: February 1, 2019