Unauthorized Access Vulnerability in Veritas Backup Exec
CVE-2021-27876
Key Information:
- Vendor
Veritas
- Status
- Vendor
- CVE Published:
- 1 March 2021
Badges
What is CVE-2021-27876?
A vulnerability has been identified in Veritas Backup Exec versions prior to 21.2 that compromises secure communication between clients and agents. This flaw arises from weaknesses in the SHA Authentication scheme, allowing an unauthorized attacker to bypass authentication. Once exploited, the attacker can issue data management protocol commands using an authenticated connection. This may enable access to arbitrary files on the system with system-level privileges, presenting significant risks to data security and system integrity.
CISA has reported CVE-2021-27876
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2021-27876 as being exploited and is known by the CISA as enabling ransomware campaigns.
The CISA's recommendation is: Apply updates per vendor instructions.