CVE-2021-27878

CVSS 8.8 HIGH · EPSS 24.0% · KEV
In short

Veritas Backup Exec before 21.2 has a flaw in the SHA authentication scheme used between a client and an Agent that lets an attacker complete the authentication process without being authorized. On the resulting authenticated connection the attacker can issue data management protocol commands, one of which executes an arbitrary command on the host with system privileges.

Technical detail

The SHA authentication scheme used for client-to-Agent communication in Veritas Backup Exec before 21.2 is cryptographically flawed, so the authentication step that normally protects the TLS-wrapped session can be bypassed. An attacker who can reach the Agent over the network can obtain an authenticated session state and then execute data management protocol commands, including one that runs an arbitrary command on the system with system privileges. Note that the CVSS vector on this page scores Privileges Required as Low (PR:L), not None.

Summary generated and translated by AI from the official description.

Official description

An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. The attacker could use one of these commands to execute an arbitrary command on the system using system privileges.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Veritas Backup Exec before 21.2 (from the official description; no product identifiers are listed on this page)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
