Vulnerability Description
In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this vulnerability to crash the agent or potentially take control of the agent process and then the system it is running on.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Veritas | Backup Exec | < 14.1.1786.1126 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/98386 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1038561 (Third Party Advisory, VDB Entry)
- https://www.exploit-db.com/exploits/42282/ (Third Party Advisory, VDB Entry)
- https://www.veritas.com/content/support/en_US/security/VTS17-006.html#Issue1 (Patch, Vendor Advisory)
FAQ
What is CVE-2017-8895?
CVE-2017-8895 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of serv...
How severe is CVE-2017-8895?
CVE-2017-8895 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-8895?
Check the references section above for vendor advisories and patch information. Affected products include: Veritas Backup Exec.