CVE-2021-27877

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Veritas Backup Exec versions prior to 21.2

Description The software exhibits an improper authentication issue related to the SHA cryptographic algorithm. The authentication scheme is no longer used in current versions of the product but remained enabled. An attacker could exploit this remotely to gain unauthorized access to an Agent and execute privileged commands.

Recommendations Versions prior to 21.2 should be updated to version 21.2 or later.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

BDU:2023-02421

CVE-2021-27877

Affected Products

Veritas Backup Exec

CVE-2021-27877

Weakness Enumeration

Related Identifiers

Affected Products

References · 25