Unauthorized Access Vulnerability in Veritas Backup Exec
CVE-2021-27878
Key Information:
- Vendor
Veritas
- Status
- Vendor
- CVE Published:
- 1 March 2021
Badges
What is CVE-2021-27878?
A vulnerability in Veritas Backup Exec allows an attacker to bypass authentication due to a weakness in the SHA Authentication scheme. This flaw permits unauthorized access via a secured TLS communication channel. Once exploited, attackers can execute data management protocol commands on the connection, potentially allowing them to run arbitrary commands with system privileges. This oversight highlights the importance of securing authentication mechanisms to prevent unauthorized system access.
CISA has reported CVE-2021-27878
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2021-27878 as being exploited and is known by the CISA as enabling ransomware campaigns.
The CISA's recommendation is: Apply updates per vendor instructions.