Unauthorized Access Vulnerability in Veritas Backup Exec
CVE-2021-27878

8.8HIGH

Key Information:

Vendor: Veritas
Status: Backup Exec
Vendor: CVE Published:; 1 March 2021

Badges

💰 Ransomware👾 Exploit Exists🦅 CISA Reported

Summary

A vulnerability in Veritas Backup Exec allows an attacker to bypass authentication due to a weakness in the SHA Authentication scheme. This flaw permits unauthorized access via a secured TLS communication channel. Once exploited, attackers can execute data management protocol commands on the connection, potentially allowing them to run arbitrary commands with system privileges. This oversight highlights the importance of securing authentication mechanisms to prevent unauthorized system access.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited and is known by the CISA as enabling ransomware campaigns.

The CISA's recommendation is: Apply updates per vendor instructions.

References

https://www.veritas.com/content/support/en_US/security/VT...

x_refsource_MISC

http://packetstormsecurity.com/files/168506/Veritas-Backu...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

💰
Used in Ransomware
Apr 7, 2023
👾
Exploit known to exist
Apr 7, 2023
🦅
CISA Reported
Apr 7, 2023
Vulnerability published
Mar 1, 2021
Vulnerability Reserved
Mar 1, 2021