CVE-2024-35204 is a vulnerability identified in Veritas System Recovery software versions prior to 23.3_Hotfix. The root cause is improper permission settings on the Veritas System Recovery folder, which allows users with low privileges to access and potentially manipulate files or configurations that should be restricted. This misconfiguration violates the principle of least privilege and can be exploited locally by an attacker without any authentication or user interaction. The vulnerability is classified under CWE-272 (Improper Permission Assignment for Critical Resource). The CVSS v3.1 base score is 8.4, reflecting a high severity due to the combination of local attack vector, low attack complexity, no privileges required, no user interaction, and high impact on confidentiality, integrity, and availability. Exploiting this flaw could enable an attacker to escalate privileges, tamper with backup and recovery data, or disrupt recovery operations, potentially leading to data loss or system compromise. Although no public exploits have been reported yet, the vulnerability's characteristics make it a significant risk for organizations relying on Veritas System Recovery for critical backup and disaster recovery functions. The absence of a patch link suggests that a hotfix or update is forthcoming or should be obtained from Veritas support channels.

The vulnerability poses a serious risk to organizations using affected versions of Veritas System Recovery. Exploitation can lead to unauthorized access and modification of backup data and recovery configurations, undermining the integrity and availability of critical disaster recovery processes. This could result in data corruption, loss of backup integrity, or denial of recovery services, severely impacting business continuity. Attackers could leverage this flaw to escalate privileges from a low-privileged user to potentially full system control, compromising confidentiality of sensitive data stored or managed by the backup system. Given the essential role of backup and recovery solutions in enterprise environments, this vulnerability could facilitate ransomware attacks, data breaches, or prolonged downtime. The local attack vector limits remote exploitation but does not diminish the threat in environments where multiple users have access to the system. Organizations with shared workstations or multi-user environments are particularly vulnerable. The lack of known exploits in the wild currently reduces immediate risk but does not preclude future exploitation attempts.

Organizations should immediately review and restrict permissions on the Veritas System Recovery folder to ensure only authorized administrative accounts have access. Applying the official hotfix or patch from Veritas as soon as it becomes available is critical to fully remediate the vulnerability. Until a patch is deployed, implement strict access controls and monitor user activities on systems running Veritas System Recovery to detect any unauthorized access attempts. Employ endpoint protection solutions that can detect privilege escalation attempts and anomalous file access patterns. Limit the number of users with local access to systems hosting Veritas System Recovery, and enforce the principle of least privilege across all user accounts. Regularly audit permissions and system configurations to prevent recurrence. Additionally, ensure that backup data integrity is verified frequently to detect any tampering early. Organizations should also prepare incident response plans specific to backup system compromises to minimize impact if exploitation occurs.