CVE-2024-52945

Improper Control of Generation of Code ('Code Injection') (CWE-94)

Published: Nov 18, 2024 / Updated: 1d ago

CVSS 7.8 / EPSS 0.04% / High

An issue was discovered in Veritas NetBackup before 10.5. This only applies to NetBackup components running on a Windows Operating System. If a user executes specific NetBackup commands or an attacker uses social engineering techniques to impel the user to execute the commands, a malicious DLL could be loaded, resulting in execution of the attacker's code in the user's security context.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-52945

Nov 18, 2024 at 6:15 AM

CVSS

A CVSS base score of 7.8 has been assigned.

Nov 18, 2024 at 6:20 AM / nvd

First Article

Feedly found the first article mentioning CVE-2024-52945.

Nov 18, 2024 at 6:21 AM / National Vulnerability Database

CVSS Estimate

Feedly estimated the CVSS score as HIGH

Nov 18, 2024 at 6:21 AM

CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Nov 18, 2024 at 1:55 PM

EPSS

EPSS Score was set to: 0.04% (Percentile: 10.2%)

Nov 19, 2024 at 9:43 AM

Affected Systems

Veritas/netbackup

Attack Patterns

CAPEC-242: Code Injection

News

cveNotify: 🚨 CVE-2024-52945 An issue was discovered in Veritas NetBackup before 10.5. This only applies to NetBackup components running on a Windows Operating System. If a user executes specific NetBackup commands or an attacker uses social engineering techniques to impel the user to execute the commands, a malicious DLL could be loaded, resulting in execution of the attacker's code in the user's security context. 🎖@cveNotify
NA - CVE-2024-52945 - An issue was discovered in Veritas NetBackup...
An issue was discovered in Veritas NetBackup before 10.5. This only applies to NetBackup components running on a Windows Operating System. If a user executes specific NetBackup commands or an...
CVE-2024-52945
An issue was discovered in Veritas NetBackup before 10.5. Severity 3.1 (CVSS 3.1 Base Score)
CVE-2024-52945
High Severity. Description: An issue was discovered in Veritas NetBackup before 10.5. This only applies to NetBackup components running on a Windows Operating System. If a user executes specific NetBackup commands or an attacker uses social engineering techniques to impel the user to execute the commands, a malicious DLL could be loaded, resulting in execution of the attacker's code in the user's security context. Read more at https://www.tenable.com/cve/CVE-2024-52945
CVE-2024-52945 | Veritas NetBackup up to 10.4 on Windows untrusted search path
A vulnerability has been found in Veritas NetBackup up to 10.4 on Windows and classified as critical. This vulnerability affects unknown code. The manipulation leads to untrusted search path. This vulnerability was named CVE-2024-52945. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

CVSS V3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
