CVE-2024-33671: n/a
An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. The Backup Exec Deduplication Multi-threaded Streaming Agent can be leveraged to perform arbitrary file deletion on protected files.
AI Analysis
Technical Summary
CVE-2024-33671 is a vulnerability discovered in Veritas Backup Exec versions prior to 22.2 HotFix 917391, specifically within the Backup Exec Deduplication Multi-threaded Streaming Agent component. This flaw allows an attacker to perform arbitrary file deletion on protected backup files. The root cause is related to improper handling of file deletion requests, categorized under CWE-73 (External Control of File Name or Path). An unauthenticated attacker with local access to the system can exploit this vulnerability without requiring user interaction or elevated privileges. The attack vector is local, meaning the attacker must have some form of access to the system hosting the Backup Exec software. Exploiting this vulnerability can lead to deletion of critical backup files, severely impacting the integrity and availability of backup data. Although confidentiality is not directly affected, the loss or corruption of backup files can disrupt disaster recovery processes and lead to significant operational downtime. No public exploits are currently known, but the vulnerability's characteristics suggest it could be weaponized in targeted attacks or insider threat scenarios. The vulnerability has a CVSS v3.1 base score of 7.7, reflecting high severity due to its impact on integrity and availability, ease of exploitation, and lack of required privileges or user interaction. Veritas has released HotFix 917391 for version 22.2 to address this issue, but no patch links were provided in the source data.
Potential Impact
The primary impact of CVE-2024-33671 is the potential deletion of protected backup files, which compromises the integrity and availability of critical backup data. This can lead to failed recovery operations, data loss, and extended downtime for organizations relying on Veritas Backup Exec for data protection. The inability to restore data from backups can have severe operational, financial, and reputational consequences, especially for enterprises with stringent data retention and disaster recovery requirements. Since the vulnerability can be exploited without authentication or user interaction but requires local access, it poses a significant risk in environments where attackers can gain local system access through other means, such as lateral movement, insider threats, or compromised credentials. The lack of confidentiality impact means sensitive data exposure is not a direct concern, but the disruption to backup integrity can indirectly affect compliance and regulatory obligations. Organizations in sectors with critical data protection needs, such as finance, healthcare, government, and large enterprises, face heightened risks from this vulnerability.
Mitigation Recommendations
To mitigate CVE-2024-33671, organizations should immediately apply Veritas Backup Exec 22.2 HotFix 917391 or a later update that addresses this vulnerability. Where the hotfix cannot be applied right away, administrators should restrict local access to Backup Exec servers to trusted personnel only and implement strict access controls and monitoring to detect unauthorized local activity. Host-based intrusion detection systems (HIDS) and file integrity monitoring can help identify suspicious file deletion attempts. Network segmentation and the principle of least privilege should be enforced to limit attackers' ability to gain local access to backup servers. Regularly auditing backup file integrity and maintaining offline or immutable backup copies can reduce the impact of potential deletions. Additionally, organizations should review and harden the configuration of the Deduplication Multi-threaded Streaming Agent to minimize exposure. Incident response plans should include procedures for rapid recovery if backup files are compromised.
Affected Countries
United States, United Kingdom, Germany, Japan, Australia, Canada, France, Netherlands, Singapore, South Korea
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-04-26T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6c44b7ef31ef0b561c1b
Added to database: 2/25/2026, 9:40:20 PM
Last enriched: 2/26/2026, 4:33:43 AM
Last updated: 4/12/2026, 9:24:26 AM