CVE-2021-27877

Warning

Exploit

EPSS 2.75%
Published 01.03.2021 22:15:14
Last modified 07.03.2025 14:57:32
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely exploit this scheme to gain unauthorized access to an Agent and execute privileged commands.

Affected products Warnungen 1 Metrics 4 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

Veritas ≫ Backup Exec Version < 21.2

07.04.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

Veritas Backup Exec Agent Improper Authentication Vulnerability

Vulnerability

Veritas Backup Exec (BE) Agent contains an improper authentication vulnerability that could allow an attacker unauthorized access to the BE Agent via SHA authentication scheme.

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.75%	0.855

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
cve@mitre.org	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

http://packetstormsecurity.com/files/168506/Veritas-Backup-Exec-Agent-Remote-Code-Execution.html

Third Party Advisory

Exploit

VDB Entry

https://www.veritas.com/content/support/en_US/security/VTS21-001#issue1

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-27877

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-27877

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-27877

EUVD