PatchSiren

CVE-2017-6402 Veritas CVE debrief

CVE-2017-6402 is a Veritas NetBackup denial-of-service vulnerability affecting NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. The issue can impact server availability, which is especially important in backup infrastructure because disruption can delay or prevent recovery operations. NVD rates the issue CVSS 3.0 6.5 (medium) with network attack vector, low attack complexity, low privileges required, no user interaction, and high availability impact.

Vendor: Veritas
Product: CVE-2017-6402
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-03-02
Original CVE updated: 2026-05-13
Advisory published: 2017-03-02
Advisory updated: 2026-05-13

Who should care

NetBackup administrators, backup platform owners, appliance operators, and security teams responsible for Veritas environments should review this issue, especially where backup servers are broadly reachable or mission-critical.

Technical summary

NVD describes the vulnerability as a denial-of-service condition affecting the NetBackup server. The published CVSS vector is CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating a network-reachable issue that requires only low privileges and no user interaction, with impact confined to availability. The affected product scope in NVD includes Veritas NetBackup up to 8.0 and NetBackup Appliance up to 3.0. NVD also classifies the weakness as NVD-CWE-noinfo, so the corpus does not provide a specific root-cause CWE.

Defensive priority

Medium. The CVSS score is medium, but backup-server availability is operationally important, so prioritize remediation sooner if the NetBackup server is production-critical, exposed to broad network access, or used for recovery-dependent workloads.

Recommended defensive actions

  • Review Veritas security advisory VTS17-003 (Issue 3) for the vendor's remediation guidance.
  • Inventory NetBackup and NetBackup Appliance deployments to confirm whether any systems are at or below the affected versions listed by NVD.
  • Restrict network access to NetBackup management and server interfaces to trusted administrative systems only.
  • Monitor NetBackup server availability and service health for unexpected restarts, hangs, or denial-of-service symptoms.
  • Plan and apply the vendor-recommended fixed release or upgrade path as directed by Veritas.
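
The inventory step above can be scripted. The following is an added example, not code from Veritas or from this debrief's source: it triages an inventory export against the inclusive NVD upper bounds quoted on this page (NetBackup 8.0, NetBackup Appliance 3.0). The CSV layout, host names and sample versions are constructed for illustration, and rows with an unrecognized product or version are routed to manual review.

```python
import csv
import io
import re

# Inclusive upper bounds of the affected range, as listed by NVD for CVE-2017-6402.
AFFECTED_MAX = {"netbackup": "8.0", "netbackup appliance": "3.0"}

# Constructed sample inventory; hosts and versions are illustrative only.
SAMPLE_INVENTORY = """host,product,version
nbu-master-01,NetBackup,7.7.3
nbu-master-02,NetBackup,8.0
nbu-media-03,NetBackup,8.1.1
nbu-appl-01,NetBackup Appliance,3.0
nbu-appl-02,NetBackup Appliance,3.1
nbu-media-04,NetBackup,unknown
"""


def parse_version(text):
    """Return a tuple of ints with trailing zeros dropped, or None if unparseable."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()  # treat 8.0 and 8.0.0 as the same release
    return tuple(parts)


def classify(product, version):
    """Return 'affected', 'not-affected', or 'review' for one inventory row."""
    limit = AFFECTED_MAX.get(product.strip().lower())
    parsed = parse_version(version)
    if limit is None or parsed is None:
        return "review"  # unknown product name or version: check by hand
    return "affected" if parsed <= parse_version(limit) else "not-affected"


def triage(inventory_csv):
    """Map each host in the CSV text to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["product"], r["version"]) for r in rows}


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:15} {status}")
```

A "not-affected" result only means the version is above the NVD range; the vendor advisory remains the authority on which release carries the fix.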

Evidence notes

The debrief is based on the official CVE/NVD record and the linked Veritas advisory reference. NVD lists affected CPEs for Veritas NetBackup up to 8.0 and NetBackup Appliance up to 3.0, and provides the CVSS 3.0 vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The supplied corpus does not include the full text of the Veritas advisory or any exploit details.

Official resources

Publicly disclosed on 2017-03-02. The NVD record was later modified on 2026-05-13. No KEV listing is present in the supplied data.