PatchSiren cyber security CVE debrief
CVE-2017-6399 Veritas CVE debrief
CVE-2017-6399 affects Veritas NetBackup before 7.7.2 and NetBackup Appliance before 2.7.2. The issue is described as privileged remote command execution on NetBackup Server and Client, which can occur on the server or on a connected client. Because the CVSS vector in NVD indicates low-privilege, local access with changed scope and high impact, defenders should treat this as a serious post-authentication compromise risk for backup infrastructure rather than a purely unauthenticated network flaw.
- Vendor: Veritas
- Product: CVE-2017-6399
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-03-02
- Original CVE updated: 2026-05-13
- Advisory published: 2017-03-02
- Advisory updated: 2026-05-13
Who should care
Backup administrators, endpoint and server security teams, and anyone operating Veritas NetBackup servers, NetBackup clients, or NetBackup Appliances in affected versions. Organizations that rely on NetBackup for recovery operations should prioritize this because compromise of backup systems can expose sensitive data and weaken incident recovery.
Technical summary
The NVD record lists affected CPEs for Veritas Access up to 7.2.1, Veritas NetBackup up to 7.7.1, and Veritas NetBackup Appliance up to 2.7.1. The NVD CVSS 3.0 vector is AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, which indicates that an attacker needs some level of local/authorized access and low privileges, but successful exploitation can lead to command execution with broad impact across confidentiality, integrity, and availability. The vendor advisory is the primary remediation reference in the supplied corpus.
Defensive priority
High. The issue scores 8.8 and allows privileged command execution on backup infrastructure, which can materially affect data protection, system integrity, and recovery readiness. It is not marked as KEV in the supplied enrichment, but the operational risk is still significant because backup platforms are high-value targets.
Recommended defensive actions
- Upgrade Veritas NetBackup to 7.7.2 or later.
- Upgrade Veritas NetBackup Appliance to 2.7.2 or later.
- Review any Veritas Access deployments at or below 7.2.1 and apply the vendor guidance referenced in the advisory.
- Limit who can administer NetBackup servers and clients, and review low-privilege accounts with access to backup hosts.
- Monitor backup infrastructure for unexpected command execution, configuration changes, or admin activity around affected versions.
- Use the Veritas vendor advisory as the primary remediation reference for this CVE.
Evidence notes
All version and impact statements are taken from the supplied NVD record and the Veritas vendor advisory reference embedded in the source corpus. The published date is 2017-03-02 and the modified date is 2026-05-13, matching the supplied timeline. No exploit details or unsupported claims are included.
Official resources
- CVE-2017-6399 CVE record (CVE.org)
- CVE-2017-6399 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference
- Mitigation or vendor reference: [email protected] - Vendor Advisory
CVE published on 2017-03-02 and last modified on 2026-05-13. The supplied enrichment does not mark this CVE as CISA KEV.