Static Password Vulnerability in VERITAS Backup Exec and NetBackup Products
CVE-2005-2611

Currently unrated

Key Information:

Vendor: Symantec Veritas
Status: Backup Exec Remote Agent; Netbackup; Backup Exec
Vendor: CVE Published:; 17 August 2005

Summary

A vulnerability exists in VERITAS Backup Exec and NetBackup products due to the use of a static password for authentication between the NDMP agent and the server. This flaw allows unauthorized remote attackers to gain access to the server, potentially enabling them to read or write arbitrary files. Exploitability of this vulnerability poses significant security risks, as it undermines the confidentiality and integrity of backup data and server operations.

References

http://www.us-cert.gov/cas/techalerts/TA05-224A.html

third-party-advisoryx_refsource_CERT

http://www.securityfocus.com/bid/14551

vdb-entryx_refsource_BID

http://secunia.com/advisories/16403

third-party-advisoryx_refsource_SECUNIA

EPSS Score

80% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 17, 2005
Vulnerability Reserved
Aug 17, 2005