CVE-2021-27877
Veritas Backup Exec Agent Improper Authentication Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
YesDecision
Descriptions
An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely exploit this scheme to gain unauthorized access to an Agent and execute privileged commands.
Se detectó un problema en Veritas Backup Exec versiones anteriores a 21.2. Admite múltiples esquemas de autenticación: la autenticación SHA es uno de ellos. Este esquema de autenticación ya no se utiliza en las versiones actuales del producto, pero aún no se ha desactivado. Un atacante podría explotar este esquema remotamente para conseguir acceso no autorizado a un agente y ejecutar comandos privilegiados
Veritas Backup Exec (BE) Agent contains an improper authentication vulnerability that could allow an attacker unauthorized access to the BE Agent via SHA authentication scheme.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-03-01 CVE Reserved
- 2021-03-01 CVE Published
- 2021-03-01 First Exploit
- 2023-04-07 Exploited in Wild
- 2023-04-28 KEV Due Date
- 2024-07-04 EPSS Updated
- 2024-08-03 CVE Updated
CWE
- CWE-287: Improper Authentication
CAPEC
References (4)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS21-001#issue1 | 2022-09-27 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Veritas Search vendor "Veritas" | Backup Exec Search vendor "Veritas" for product "Backup Exec" | < 21.2 Search vendor "Veritas" for product "Backup Exec" and version " < 21.2" | - |
Affected
| ||||||