CVE-2021-27877

Warnung

Exploit

EPSS 2.75%
Veröffentlicht 01.03.2021 22:15:14
Zuletzt bearbeitet 07.03.2025 14:57:32
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely exploit this scheme to gain unauthorized access to an Agent and execute privileged commands.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 0 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Veritas ≫ Backup Exec Version < 21.2

07.04.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

Veritas Backup Exec Agent Improper Authentication Vulnerability

Schwachstelle

Veritas Backup Exec (BE) Agent contains an improper authentication vulnerability that could allow an attacker unauthorized access to the BE Agent via SHA authentication scheme.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.75%	0.855

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
cve@mitre.org	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

http://packetstormsecurity.com/files/168506/Veritas-Backup-Exec-Agent-Remote-Code-Execution.html

Third Party Advisory

Exploit

VDB Entry

https://www.veritas.com/content/support/en_US/security/VTS21-001#issue1

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-27877

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-27877

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-27877

EUVD