← back
CVE-2021-27878

CVE-2021-27878

CVSS 8.8 HIGHEPSS 24.0%● KEV
Vexday Risk Score
91Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS 8.8EPSS 24.0%KEV simPoC públicaNuclei Metasploit simPatch
Lifecycle
01 Mar 2021Metasploit module available
01 Mar 2021Published on NVD
07 Apr 2023Active exploitation (CISA KEV)
Weaponization speed
766 daysto active exploitation (KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

Veritas Backup Exec has a flaw in its authentication system that allows attackers to bypass security checks and gain unauthorized access to the backup system. Once inside, an attacker can run malicious commands with system privileges.

Technical detail

The SHA authentication scheme in Veritas Backup Exec client-agent communication contains a cryptographic vulnerability that enables authentication bypass over TLS connections. An unauthenticated attacker can exploit this to gain authorized session state and execute arbitrary system commands via the data management protocol with elevated privileges.

Summary generated and translated by AI from the official description.
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. The attacker could use one of these commands to execute an arbitrary command on the system using system privileges.
CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.