CVE-2021-27877
CVE-2021-27877
Vexday Risk Score
98Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS 8.2EPSS 64.9%KEV simPoC públicaNuclei simMetasploit simPatch —
Lifecycle
01 Mar 2021Metasploit module available
01 Mar 2021Published on NVD
07 Apr 2023Active exploitation (CISA KEV)
02 Jul 2026Public PoC
Weaponization speed
1948 daysto first PoC
766 daysto active exploitation (KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
Veritas Backup Exec uses an outdated authentication method (SHA) that wasn't disabled, allowing attackers to remotely bypass security and run privileged commands on backup servers.
Technical detail
CVE-2021-27877 exploits a legacy SHA authentication scheme in Veritas Backup Exec versions before 21.2 that remains enabled despite being obsolete. Remote attackers can leverage this weak authentication vector to gain unauthorized access to Agents and execute arbitrary privileged commands without valid credentials.
Summary generated and translated by AI from the official description.
An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely exploit this scheme to gain unauthorized access to an Agent and execute privileged commands.
CVSS:3.1/AC:L/AV:N/A:N/C:H/I:L/PR:N/S:U/UI:N
Affected products
n/a · n/apublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/168506/Veritas-Backup-Exec-Agent-Remote-Code-Execution.htmlunverifiedvulncheckvulncheck.com/xdb/74078b6397fdunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.