CVE-2024-52945 | NetBackup Operational Intel

Executive Risk Summary

"A vulnerability in Veritas NetBackup before version 10.5 allows a malicious DLL to be loaded, resulting in execution of the attacker's code in the user's security context. This vulnerability can be exploited by executing specific NetBackup commands or through social engineering techniques."

Operational Audit Arsenal

Target Type DLL

Target Asset Unknown/Malicious DLL

Standard Path %windir%\System32

PowerShell

# 🛠️ Senior Engineer Universal Audit
# Target: Unknown/Malicious DLL (DLL)
$Targets = 'Unknown/Malicious DLL'
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")

Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue | 
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}

Patch Impact Forecast

Reboot Required Likely

Backup services

Internal Work Notes

Apply NetBackup version 10.5 or later to mitigate vulnerability CVE-2024-52945, which allows malicious DLL loading and code execution.

Technical Intelligence & Operational Utilities • Delivered Weekly

Intelligence Sources

Official Advisoryhttps://www.veritas.com/content/support/en_US/security/VTS24-012

Related Veritas Threats

CVE-2025-27816 CVSS 9.8

Arctera InfoScale - Plugin_Host

CVE-2024-28222 CVSS 9.8

NetBackup - BPCD process

CVE-2024-53909 CVSS 9.8

Veritas Enterprise Vault - Server

Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.