Published: 01/03/2021 Updated: 27/09/2022

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 801

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

An issue exists in Veritas Backup Exec prior to 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. The attacker could use one of these commands to execute an arbitrary command on the system using system privileges.

Vulnerable Product	Search on Vulmon	Subscribe to Product
veritas backup exec

FIIT STU 2023/2024 BIT - Project - Malware Analysis and Replication

BIT - Malware Analysis and Replication of Partial Windows File Less Malware The project focused on malware analysis on real partial Windows File Less Malware implemented in PowerShell using many evasion techniques This part of the project represents a small replication of this malware using some of the techniques used in the real Malware All Anti-Malware and Anti-Virus produc

CWE-287 https://www.veritas.com/content/support/en_US/security/VTS21-001#issue3 http://packetstormsecurity.com/files/168506/Veritas-Backup-Exec-Agent-Remote-Code-Execution.html https://nvd.nist.gov https://github.com/LukasStrbo/BIT_Project_Malware

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-27878

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect