PT-2017-2902 · Veritas · Veritas Backup Exec

Published: 2017-05-10 · Updated: 2021-08-12 · CVE-2017-8895

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Veritas Backup Exec versions prior to 14.1.1187.1126
Veritas Backup Exec versions prior to 14.2.1180.3160
Veritas Backup Exec 16 before FP1

Description

A use-after-free vulnerability exists in multiple agents of the Veritas Backup Exec software. An unauthenticated attacker can exploit it to cause a denial of service or potentially achieve remote code execution: the attacker could crash the agent, or take control of the agent process and then of the system it is running on. The vulnerability can also be exploited using specially crafted NDMP data.

Recommendations

For Veritas Backup Exec versions prior to 14.1.1187.1126, update to build 14.1.1187.1126 or later.
For Veritas Backup Exec versions prior to 14.2.1180.3160, update to build 14.2.1180.3160 or later.
For Veritas Backup Exec 16 before FP1, apply FP1 or later.

Exploit

Fix

RCE

DoS

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2017-02225
CVE-2017-8895

Affected Products

Veritas Backup Exec