Please note: This vulnerability affects NetBackup customers on Windows Only
Veritas OpenSSL Vulnerability in NetBackup and OpsCenter for Windows
Situation
Veritas has found a vulnerability in NetBackup and OpsCenter that could allow attackers to remotely run code as administrator
Problem
Veritas has found 2 potential vulnerabilities in NetBackup and OpsCenter that could allow remote attackers to exploit the vulnerabilities, and remotely compromise the system by running programs as administrator.
The first issue is when NetBackup is using OpenSSL to attempt to load libraries in paths that do not exist. The Second issue is when NetBackup processes are using Strawberry Perl which will attempt to load and execute libraries in paths that do not exist by default.
Implication
Any unpatched NetBackup and OpsCenter pre-versions 8.3.0.1 are vulnerable to remote attack via exploiting OpenSSL and Strawberry Perl where if exploited the attackers could run arbitrary code as administrator and possibly take over the system remotely.
Need
Veritas recommends that you update and install the latest hotfixes for the newer versions or visit the link below for detailed information and workarounds for other versions.
For a more detailed overview:
https://www.veritas.com/content/support/en_US/security/VTS20-016
