PT-2011-2434 · Symantec+1 · Symantec Backup Exec+1

Nibin

Published

2011-05-31

Updated

2016-08-23

CVE-2011-0546

CVSS v2.0

6.5

Medium

Vector

AV:A/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Symantec Backup Exec versions 11.0 through 13.0 R2

Description The issue allows man-in-the-middle attackers to execute NDMP commands via unspecified vectors, due to the lack of validation of identity information sent between the media server and the remote agent.

Recommendations For Symantec Backup Exec versions 11.0 through 13.0 R2, consider restricting access to the remote agent to minimize the risk of exploitation until a patch is available.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2011-0546

HPSBUX02700

Affected Products

Hp-Ux

Symantec Backup Exec

PT-2011-2434 · Symantec+1 · Symantec Backup Exec+1

CVE-2011-0546

Weakness Enumeration

Related Identifiers

Affected Products

References · 10