Static Password Vulnerability in VERITAS Backup Exec and NetBackup Products
CVE-2005-2611

Currently unrated

Key Information:

Vendor
Symantec Veritas
Status
Backup Exec Remote Agent
Netbackup
Backup Exec
Vendor
CVE Published:
17 August 2005

Summary

A vulnerability exists in VERITAS Backup Exec and NetBackup products due to the use of a static password for authentication between the NDMP agent and the server. This flaw allows unauthorized remote attackers to gain access to the server, potentially enabling them to read or write arbitrary files. Exploitability of this vulnerability poses significant security risks, as it undermines the confidentiality and integrity of backup data and server operations.

References

http://www.us-cert.gov/cas/techalerts/TA05-224A.html
third-party-advisoryx_refsource_CERT
http://www.securityfocus.com/bid/14551
vdb-entryx_refsource_BID
http://secunia.com/advisories/16403
third-party-advisoryx_refsource_SECUNIA

EPSS Score

76% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2005-2611 : Static Password Vulnerability in VERITAS Backup Exec and NetBackup Products | SecurityVulnerability.io