CVE-2020-37045 in NetBackup

Summary

by MITRE • 02/01/2026

Veritas NetBackup 7.0 contains an unquoted service path vulnerability in the NetBackup INET Daemon service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Veritas\NetBackup\bin\bpinetd.exe to inject malicious code that would execute with elevated LocalSystem privileges.


Analysis

by VulDB Data Team • 02/02/2026

The vulnerability identified as CVE-2020-37045 affects Veritas NetBackup version 7.0 and is a critical flaw in the service path configuration of the NetBackup INET Daemon service. It stems from a service installation path that lacks quotation marks around the executable path, creating a predictable vector for local privilege escalation. The vulnerable service path points to C:\Program Files\Veritas\NetBackup\bin\pinetd.exe; because the path is not quoted in the service configuration, an attacker can redirect which file is executed along that path.

The flaw manifests when the Windows service control manager starts the NetBackup INET Daemon service from an executable path that is not quoted. This is the unquoted service path weakness catalogued as CWE-428, which covers service paths whose improper handling can lead to privilege escalation. When Windows resolves such a path, it treats each space-delimited prefix of the path as a possible executable name and tries those first, so an attacker who can write to one of the earlier locations along the path can have a planted executable run instead of the intended binary.

The operational impact of this vulnerability is significant as it enables local users to achieve elevated privileges through a straightforward exploitation technique. The attacker can place a malicious executable in a directory that precedes the actual NetBackup binary in the system PATH, causing the service to execute the malicious code instead of the legitimate pinetd.exe. Since the service runs with LocalSystem privileges, any code executed through this vector gains the highest level of system access, potentially allowing full system compromise. This privilege escalation vector represents a direct threat to system integrity and confidentiality, as attackers can access sensitive data, modify system configurations, or establish persistent backdoors.

The exploitation of this vulnerability aligns with ATT&CK technique T1068, which covers "Local Privilege Escalation" through service misconfigurations. Attackers can leverage this flaw to gain unauthorized access to critical system resources, potentially leading to data breaches or complete system takeover. Organizations running affected versions of Veritas NetBackup should immediately implement mitigations including proper quoting of service paths during installation, regular security audits of service configurations, and implementation of least privilege principles for service accounts. The recommended remediation involves updating to the latest version of Veritas NetBackup that addresses this specific vulnerability, ensuring that all service paths are properly quoted during installation, and conducting comprehensive security assessments to identify any other potentially vulnerable services in the system.

This vulnerability demonstrates the critical importance of proper service path configuration in Windows environments and serves as a reminder that seemingly minor configuration issues can create significant security risks. The unquoted service path vulnerability represents a classic example of how insufficient input validation and improper system configuration can lead to privilege escalation attacks. Organizations should implement robust configuration management practices, including regular service path audits, automated vulnerability scanning, and adherence to security baseline standards to prevent similar issues from occurring in other software installations.
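The service path audit recommended above, as an added example that is not part of the VulDB record or of Veritas's own tooling: this PowerShell function enumerates services whose ImagePath is unquoted and contains spaces, lists the intermediate executable names the service control manager would try before the real binary (the locations whose permissions must be checked), and can quote the path in place. It assumes Windows PowerShell 5.1 or later and an elevated prompt for -Fix.

```powershell
# Added example, not part of the advisory or of NetBackup: audit every Windows
# service for an unquoted ImagePath containing spaces (CWE-428) and optionally
# quote it. Assumes Windows PowerShell 5.1+ and an elevated prompt for -Fix.
function Get-UnquotedServicePath {
    param([switch]$Fix)

    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        $path = $svc.PathName
        if ([string]::IsNullOrWhiteSpace($path)) { continue }
        if ($path.TrimStart().StartsWith('"')) { continue }   # already quoted

        # Executable portion: everything up to and including the first ".exe".
        $m = [regex]::Match($path, '^(.*?\.exe)', 'IgnoreCase')
        if (-not $m.Success) { continue }
        $exe = $m.Groups[1].Value
        if ($exe -notmatch ' ') { continue }                  # no spaces, not affected

        # The service control manager tries each space-delimited prefix as an
        # executable name before the full path, so for the NetBackup path it
        # would look for C:\Program.exe first. These are the locations to lock down.
        $parts = $exe -split ' '
        $candidates = for ($i = 1; $i -lt $parts.Count; $i++) {
            ($parts[0..($i - 1)] -join ' ') + '.exe'
        }

        [pscustomobject]@{
            Name       = $svc.Name
            Account    = $svc.StartName      # LocalSystem services are the high-impact ones
            ImagePath  = $path
            Candidates = $candidates
        }

        if ($Fix) {
            # Remediation: wrap the executable in quotes and keep any arguments.
            $rest   = $path.Substring($exe.Length)
            $quoted = '"' + $exe + '"' + $rest
            $key    = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)"
            Set-ItemProperty -Path $key -Name ImagePath -Value $quoted
        }
    }
}

# Report only; add -Fix (elevated) to quote the paths in place.
Get-UnquotedServicePath | Format-List
```

The -Fix branch writes the quoted path straight to the service's registry key, so restart each corrected service afterwards and confirm it starts. Verify as well that the directories holding the listed candidate names are not writable by standard users.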

Responsible: VulnCheck

Reservation: 01/28/2026

Disclosure: 02/01/2026

Moderation: accepted

CPE: ready

EPSS: 0.00008

KEV: no

Activities: very low
