Main Vulnerability Database Exploits ID:8960 - Exploit for Improper Authentication in Backup Exec - CVE-2021-27876

ID:8960 - Exploit for Improper Authentication in Backup Exec - CVE-2021-27876

Published: April 5, 2023

Vulnerability identifier: #VU74470

Vulnerability risk: High

CVE-ID: CVE-2021-27876

CWE-ID: CWE-287

Exploitation vector: Remote access

Vulnerable software:
Backup Exec

Link to public exploit:

https://packetstormsecurity.com/files/168506/Veritas-Backup-Exec-Agent-Remote-Code-Execution.html

Vulnerability description

The vulnerability allows a remote user to compromise the affected system.

The vulnerability exists due to an error in SHA Authentication scheme. A remote user can use specially crafted input parameters on one of the data management protocol commands to access an arbitrary file on the system using System privileges.

Remediation

Install updates from vendor's website.

ID:8960 - Exploit for Improper Authentication in Backup Exec - CVE-2021-27876

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human