Use-After-Free Vulnerability in Veritas Backup Exec Software
CVE-2017-8895

9.8 CRITICAL

Key Information:

Vendor: Veritas
CVE Published: 10 May 2017

Summary

A use-after-free vulnerability exists in multiple agents of Veritas Backup Exec versions prior to specified builds. This flaw allows unauthenticated attackers to potentially crash the agent or execute arbitrary commands by manipulating the agent process. Attackers gaining control of this process could compromise the underlying system, thus posing significant risks to data integrity and availability.

EPSS Score

67% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
