1. Home
  2. CVE Database
  3. CVE-2015-6551
MEDIUM · 5.9

CVE-2015-6551

Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server,...

Vulnerability Description

Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets.

CVSS Score

5.9

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
VeritasNetbackup Appliance1.1.0.1
VeritasNetbackup7.0

Related Weaknesses (CWE)

CWE-200

References

FAQ

What is CVE-2015-6551?

CVE-2015-6551 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server,...

How severe is CVE-2015-6551?

CVE-2015-6551 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-6551?

Check the references section above for vendor advisories and patch information. Affected products include: Veritas Netbackup Appliance, Veritas Netbackup.