Vulnerability Description
An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely exploit this scheme to gain unauthorized access to an Agent and execute privileged commands.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Veritas | Backup Exec | < 21.2 |
References
- http://packetstormsecurity.com/files/168506/Veritas-Backup-Exec-Agent-Remote-CodExploitThird Party AdvisoryVDB Entry
- https://www.veritas.com/content/support/en_US/security/VTS21-001#issue1Vendor Advisory
- http://packetstormsecurity.com/files/168506/Veritas-Backup-Exec-Agent-Remote-CodExploitThird Party AdvisoryVDB Entry
- https://www.veritas.com/content/support/en_US/security/VTS21-001#issue1Vendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-US Government Resource
FAQ
What is CVE-2021-27877?
CVE-2021-27877 is a vulnerability with a CVSS score of 8.2 (HIGH). An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current ver...
How severe is CVE-2021-27877?
CVE-2021-27877 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-27877?
Check the references section above for vendor advisories and patch information. Affected products include: Veritas Backup Exec.