CVE-2024-33672 in NetBackup

Summary

by MITRE • 04/26/2024

An issue was discovered in Veritas NetBackup before 10.4. The Multi-Threaded Agent used in NetBackup can be leveraged to perform arbitrary file deletion on protected files.


Analysis

by VulDB Data Team • 06/14/2025

CVE-2024-33672 affects Veritas NetBackup versions before 10.4, specifically the Multi-Threaded Agent component. The agent can be leveraged to delete protected files, so whoever can drive it gains an arbitrary file deletion primitive against exactly the data the backup system is meant to preserve. The vendor description does not state the root cause; the behaviour is consistent with insufficient access control and path validation in the agent's file-handling code, which would let a caller direct delete operations at files outside the intended scope.

The Multi-Threaded Agent exists to run several backup operations concurrently, and in the course of that work it deletes files. The published details do not describe the exploitation path, but a file-deletion flaw of this kind usually comes from the agent accepting a file path or operation from a caller and acting on it without confirming that the target lies within the set of files that caller is allowed to touch: either the path is not validated, or the deletion is carried out with the agent's own privileges on behalf of a less privileged requester. In both cases the outcome is the same: a deletion that ignores the intended security boundary.

The operational impact goes beyond the loss of individual files. Backups are the copy of last resort, so an attacker who can delete protected files from the backup infrastructure can remove the organisation's ability to recover from a separate incident, and can do so quietly before that incident is launched. Affected installations therefore face a risk to their recovery capability as a whole, not merely to the integrity of single files.

The weakness class is CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, "Path Traversal") together with CWE-73 (External Control of File Name or Path): the agent is induced to act on a path it should not. In ATT&CK terms the consequence maps to T1485 (Data Destruction), and deleting backups is also a way to achieve T1070 (Indicator Removal) and to frustrate later recovery. The fix is to upgrade to NetBackup 10.4 or later. Until that is done, restrict network access to the agent and to the primary and media servers, alert on deletions within protected backup directories that do not correspond to a scheduled job and on agent activity outside job windows, and include the backup tier in regular security assessments.
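The CWE-22 / CWE-73 pattern named above, in generic form, as an added example that is not Veritas code and says nothing about how the NetBackup agent is actually implemented: a hypothetical delete handler that prefixes a caller-supplied path onto a protected root without canonicalising it, beside a hardened version that resolves the path and refuses anything that lands outside the root. The function names, the directory layout and the three traversal requests are constructed for the illustration; the demo builds a throwaway tree under a temporary directory so it runs offline.

```python
"""Generic illustration of the CWE-22 / CWE-73 arbitrary-deletion pattern.

Added example, not Veritas code: names, request shapes and directory layout
are assumptions made for this illustration only.
"""
import os
import tempfile
from pathlib import Path


def delete_unsafe(protected_root: str, requested: str) -> str:
    """Vulnerable pattern (CWE-22 / CWE-73).

    The caller controls `requested`; the handler only glues it onto the root.
    os.path.join discards the root entirely when `requested` is absolute, and
    '..' segments or planted symlinks walk out of the root otherwise.
    """
    target = os.path.join(protected_root, requested)
    os.remove(target)
    return target


def resolve_inside(protected_root: str, requested: str) -> Path:
    """Hardened resolution: canonicalise both sides, then require that the
    final target is a strict descendant of the protected root."""
    root = Path(protected_root).resolve(strict=True)
    if Path(requested).is_absolute():
        # Requests must be relative to the protected root; never accept a full path.
        raise PermissionError(f"absolute path not allowed: {requested!r}")
    candidate = (root / requested).resolve(strict=False)
    # resolve() has already applied '..' and followed symlinks, so a simple
    # ancestor test is now meaningful (it also rejects the root itself).
    if root not in candidate.parents:
        raise PermissionError(f"path escapes protected root: {requested!r}")
    return candidate


def delete_safe(protected_root: str, requested: str) -> str:
    """Delete only if the resolved target is a regular file under the root."""
    target = resolve_inside(protected_root, requested)
    if not target.is_file():
        raise FileNotFoundError(str(target))
    target.unlink()
    return str(target)


def demo() -> dict:
    """Constructed scenario: a protected root holding one backup image, a
    sibling file outside the root, and three escape attempts.  Per attempt,
    returns (unsafe handler deleted the outside file, hardened handler refused
    and the outside file survived); 'legitimate' records that an in-scope
    request still works against the hardened handler."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp, "protected")
        (root / "backups").mkdir(parents=True)
        outside = Path(tmp, "outside.txt")
        attempts = {
            "absolute": str(outside),                     # CWE-73: caller supplies a full path
            "dotdot": os.path.join("..", "outside.txt"),  # CWE-22: classic traversal
        }
        try:
            os.symlink(tmp, root / "link", target_is_directory=True)
            attempts["symlink"] = "link/outside.txt"      # traversal through a planted link
        except OSError:
            pass  # symlink creation not permitted on this host; skip that case
        for name, req in attempts.items():
            outside.write_text("not a backup")
            delete_unsafe(str(root), req)
            unsafe_deleted = not outside.exists()
            outside.write_text("not a backup")
            try:
                delete_safe(str(root), req)
                safe_refused = False
            except PermissionError:
                safe_refused = True
            results[name] = (unsafe_deleted, safe_refused and outside.exists())
        job = root / "backups" / "job1.bak"
        job.write_text("backup image")
        delete_safe(str(root), "backups/job1.bak")
        results["legitimate"] = not job.exists()
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:<11} {outcome}")
```

The hardened handler does the check on the fully resolved path rather than on the string the caller sent, which is what defeats the `..` and symlink variants; rejecting absolute input separately is what closes the CWE-73 hole that `os.path.join` opens. The same shape applies to any agent that performs file operations on behalf of a remote caller, whether or not the page's specific product looks like this internally.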

The vulnerability is a reminder that backup systems hold some of the most valuable data an organisation has and must not be treated as a secondary security concern: they are the means of recovery and business continuity. Backup infrastructure deserves the same controls as primary systems, including regular audits of backup access controls, privileged access management for backup servers and agents, and continuous monitoring for unauthorised backup and deletion activity, so that the tier relied on for recovery is itself defended in depth.

Responsible

MITRE

Reservation

04/26/2024

Disclosure

04/26/2024

Moderation

accepted

CPE

ready

EPSS

0.00168

KEV

no

Activities

very low
