CVE-2024-35204 is a critical vulnerability identified in Veritas System Recovery (VSR) - a powerful data backup and recovery software. In versions before 23.2_Hotfix, the software exhibits incorrect permissions for the Veritas System Recovery folder. This vulnerability enables low-privileged users to launch potential attacks by tampering with the sensitive data stored within these folders. As a result of this flaw, organizations using the affected software face a significantly increased risk of unauthorized access to their confidential data.
In this blog post, we delve deeper into the details of this vulnerability, discuss exploit scenarios, and provide guidance on mitigating the security risks.
Vulnerability Details
Veritas published an official security advisory outlining the details of the vulnerability (CVE-2024-35204) which can be found here. According to the advisory, Veritas System Recovery before version 23.2_Hotfix has incorrect permissions set on the VSR folder. This creates a scenario in which executables and sensitive data files within the folder can be modified by a low-privileged user, potentially leading to unauthorized access to an organization's data.
Unauthorized Data Access
As a first step, an attacker with low-privileged access to the affected system locates the improperly secured folder containing the VSR software files. Since these folders store sensitive data, such as configuration files and executables, modification of these files can grant unauthorized access to an organization's data.
# Malicious code snippet example
def manipulate_vsr_files():
vsr_folder = 'C:\\Program Files\\Veritas\\VSR\\'
sensitive_files = list_file_paths(vsr_folder)
for file in sensitive_files:
tamper_with_file(file)
# A possible function to search for sensitive files
def list_file_paths(folder):
# implementation for listing files
pass
# A possible function to manipulate sensitive files
def tamper_with_file(file_path):
# implementation for tampering with files
pass
Execution of Malicious Code
Another potential exploit involves a low-privileged user replacing one of the VSR executable files in the poorly secured folder with a malicious executable. When the VSR application attempts to run the executable, the malicious code is executed as well, potentially compromising the entire system.
Mitigation Steps
To mitigate the security risks posed by this vulnerability, organizations should take the following steps:
Update VSR Software
Veritas has provided a hotfix for this vulnerability, which is available in version 23.2_Hotfix of the software. Organizations using affected versions of this software should immediately upgrade to the patched version, downloadable from the Veritas support site.
Review & Correct File Permissions
To ensure the security of VSR folders, organizations should review and correct the file permissions settings, particularly for executable files and sensitive data files residing within these folders.
# PowerShell example to set correct permissions on VSR folder
$vsrFolderPath = "C:\Program Files\Veritas\VSR\"
$accessRights = New-Object System.Security.AccessControl.FileSystemAccessRule("Administrators", "FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl = Get-Acl $vsrFolderPath
$acl.AddAccessRule($accessRights)
Set-Acl $vsrFolderPath $acl
Monitor & Audit Access
Organizations should continuously monitor and audit access to sensitive data files associated with VSR software to ensure unauthorized access attempts are logged, reported, and addressed.
In conclusion, the CVE-2024-35204 vulnerability in Veritas System Recovery presents a significant security risk to organizations using affected versions of the software. However, by promptly applying the hotfix provided by Veritas and ensuring that proper file permissions are in place, organizations can effectively minimize the risks associated with this vulnerability.
Timeline
Published on: 05/14/2024 15:39:42 UTC
Last modified on: 07/03/2024 02:01:28 UTC