PT-2021-7746 · Veritas · Veritas Backup Exec

Published: 2021-03-01 · Updated: 2025-11-22 · CVE-2021-27878

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Veritas Backup Exec versions prior to 21.2

Description: An issue exists in Veritas Backup Exec related to flaws in the authentication procedure when using the SHA cryptographic algorithm. Exploitation may allow a remote attacker to elevate privileges and execute arbitrary commands. Communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS connection. However, due to a weakness in the SHA Authentication scheme, an attacker can gain unauthorized access and complete the authentication process. The client can then execute data management protocol commands on the authenticated connection. The attacker could use these commands to execute an arbitrary command on the system with system privileges.

Recommendations: Versions prior to 21.2 should be updated to version 21.2 or later.

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2023-02420
CVE-2021-27878

Affected Products

Veritas Backup Exec