CVE-2021-27876

CVSS 8.1 HIGH · EPSS 13.4% · KEV

In short

Veritas Backup Exec has a flaw in its authentication system that allows attackers to bypass security checks and gain unauthorized access. Once inside, they can read or manipulate any file on the system with high-level privileges.

Technical detail

The SHA Authentication scheme in Veritas Backup Exec's client-agent communication is vulnerable to authentication bypass over TLS. An attacker can circumvent authentication, execute data management protocol commands, and leverage crafted input parameters to achieve arbitrary file access with System privileges.

Summary generated and translated by AI from the official description.

An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. By using crafted input parameters in one of these commands, an attacker can access an arbitrary file on the system using System privileges.

CVSS:3.1/AC:L/AV:N/A:N/C:H/I:H/PR:L/S:U/UI:N

Affected products

n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
