PatchSiren cyber security CVE debrief
CVE-2017-6409 Veritas CVE debrief
CVE-2017-6409 is a critical, network-reachable access-control flaw in Veritas NetBackup and NetBackup Appliance. The issue affects NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, where unauthenticated CORBA interfaces permit inappropriate access. The CVSS 3.0 base score is 9.8 (network attack vector, low complexity, no privileges, no user interaction, high confidentiality, integrity and availability impact), so this should be treated as urgent in any environment still running affected versions.
- Vendor
- Veritas
- Product
- Veritas NetBackup; Veritas NetBackup Appliance (CVE-2017-6409)
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2017-03-02
- Original CVE updated
- 2026-05-13
- Advisory published
- 2017-03-02
- Advisory updated
- 2026-05-13
Who should care
Veritas NetBackup and NetBackup Appliance administrators, backup platform owners, security operations teams, and vulnerability managers responsible for legacy infrastructure or externally reachable management services.
Technical summary
NVD describes the weakness as unauthenticated CORBA interfaces permitting inappropriate access, mapped to CWE-306. The affected CPE ranges are Veritas NetBackup up to and including 8.0 and Veritas NetBackup Appliance up to and including 3.0. The CVSS 3.0 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating remote exploitation without authentication or user interaction and potential full triad impact.
Defensive priority
Urgent / immediate if affected versions are present, especially if management or CORBA-related services are reachable from untrusted networks.
Recommended defensive actions
- Inventory all Veritas NetBackup and NetBackup Appliance deployments and confirm whether any instance is at or below the affected version ranges.
- Restrict network reachability to backup-management and CORBA-related interfaces using segmentation, firewall rules, and administrative access controls.
- Apply the vendor's remediation guidance from the Veritas security advisory and upgrade to a fixed release if any affected versions remain in service.
- Review authentication and access-control assumptions for exposed service endpoints; unauthenticated service exposure should be treated as a critical finding.
- Monitor logs and administrative activity for unexpected access attempts or unusual use of backup-management interfaces.
- If immediate remediation is not possible, isolate affected systems from untrusted networks and reduce exposure until they can be upgraded.
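The inventory step above is the one that decides everything else. The following is an added example, not tooling from Veritas or from this advisory: it takes a constructed inventory (hosts, products, versions and an assumed "reachable_from_untrusted" flag are all made up for illustration), compares each version against the NVD CPE bounds (NetBackup up to and including 8.0, NetBackup Appliance up to and including 3.0), and ranks hosts by urgency. Versions that do not parse as plain dotted numbers are reported as unknown rather than silently compared.

```python
"""Triage a NetBackup / NetBackup Appliance inventory against the CVE-2017-6409
affected ranges stated in the NVD CPE criteria. Added example; the sample
inventory, host names and the 'reachable_from_untrusted' column are constructed
for illustration and are not from a real environment or from Veritas tooling."""
import csv
import io
import re
from typing import List, Optional, Tuple

# Inclusive upper bound of the affected range per product (NVD CPE data).
AFFECTED_UPTO = {
    "netbackup": (8, 0),
    "netbackup_appliance": (3, 0),
}

# Constructed sample inventory (assumption: an asset register exported as CSV).
SAMPLE_INVENTORY = """\
product,version,host,reachable_from_untrusted
netbackup,7.7.3,master-old.example.internal,yes
netbackup,8.0,media01.example.internal,no
netbackup,8.1.2,master-new.example.internal,no
netbackup_appliance,2.7.3,appl01.example.internal,yes
netbackup_appliance,3.0,appl02.example.internal,no
netbackup_appliance,3.1,appl03.example.internal,yes
netbackup,8.0-beta,lab01.example.internal,no
"""


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Turn '7.7.3' into (7, 7, 3). Anything that is not a plain dotted
    numeric version returns None so it is flagged for manual review instead
    of being compared on a guessed prefix."""
    m = re.fullmatch(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        return None
    return tuple(int(p) for p in m.group(0).split("."))


def is_affected(product: str, version: str) -> Optional[bool]:
    """True if version <= the affected upper bound for the product, False if
    newer, None if the product is unknown or the version does not parse.
    Tuple comparison treats the bound literally: 8.0 is affected, 8.0.1 is
    not, because (8, 0, 1) > (8, 0)."""
    bound = AFFECTED_UPTO.get(product.strip().lower())
    v = parse_version(version)
    if bound is None or v is None:
        return None
    return v <= bound


def triage(inventory_csv: str) -> List[Tuple[str, str, int]]:
    """Return (host, status, priority) tuples, most urgent first.
    Priority 1: affected and reachable from an untrusted network.
    Priority 2: affected but not exposed.  3: version/product unknown, verify
    by hand.  4: not affected by the stated range."""
    rows = []
    for r in csv.DictReader(io.StringIO(inventory_csv)):
        hit = is_affected(r["product"], r["version"])
        exposed = r["reachable_from_untrusted"].strip().lower() == "yes"
        if hit is None:
            status, prio = "unknown", 3
        elif hit:
            status, prio = "affected", 1 if exposed else 2
        else:
            status, prio = "not_affected", 4
        rows.append((r["host"], status, prio))
    rows.sort(key=lambda t: (t[2], t[0]))
    return rows


if __name__ == "__main__":
    for host, status, prio in triage(SAMPLE_INVENTORY):
        print(f"P{prio}  {status:<13} {host}")
```

The comparison follows the NVD range statement literally ("up to and including 8.0" / "up to and including 3.0"). Point releases above those bounds are treated as not affected here; confirm that interpretation against the Veritas advisory before closing a finding, since the advisory text was not part of this corpus.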
Evidence notes
The supplied NVD record states: "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access." NVD also supplies CVSS 3.0 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H and CWE-306, and lists the affected CPE criteria for NetBackup and NetBackup Appliance. The vendor advisory reference is included in the corpus, but the advisory text itself was not supplied here.
Official resources
- CVE-2017-6409 CVE record (CVE.org)
- CVE-2017-6409 NVD detail (NVD)
- Veritas vendor advisory (mitigation / vendor reference listed in the NVD record; advisory text not supplied in this corpus)
CVE published on 2017-03-02; NVD record last modified on 2026-05-13.