← back
CVE-2021-27876

CVE-2021-27876

CVSS 8.1 HIGHEPSS 13.4%● KEV
Vexday Risk Score
91Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Popular PoC on GitHub (1 stars) — exploitation code widely available.
CVSS 8.1EPSS 13.4%KEV simPoC públicaNuclei Metasploit simPatch
Lifecycle
01 Mar 2021Metasploit module available
01 Mar 2021Published on NVD
07 Apr 2023Active exploitation (CISA KEV)
18 Jun 2026Public PoC
Weaponization speed
1934 daysto first PoC
766 daysto active exploitation (KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

Veritas Backup Exec has a flaw in its authentication system that allows attackers to bypass security checks and gain unauthorized access. Once inside, they can read or manipulate any file on the system with high-level privileges.

Technical detail

The SHA Authentication scheme in Veritas Backup Exec's client-agent communication is vulnerable to authentication bypass over TLS. An attacker can circumvent authentication, execute data management protocol commands, and leverage crafted input parameters to achieve arbitrary file access with System privileges.

Summary generated and translated by AI from the official description.
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. By using crafted input parameters in one of these commands, an attacker can access an arbitrary file on the system using System privileges.
CVSS:3.1/AC:L/AV:N/A:N/C:H/I:H/PR:L/S:U/UI:N
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.