PT-2021-7748 · Veritas · Veritas Backup Exec

Published: 2021-03-01 · Updated: 2025-12-02 · CVE-2021-27876

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions: Veritas Backup Exec versions prior to 21.2

Description: An issue exists in Veritas Backup Exec related to flaws in the SHA authentication scheme. This can allow an attacker to gain unauthorized access and complete the authentication process between a client and an Agent, which typically occurs over a secure TLS connection. Following successful authentication, the client can execute data management protocol commands. By using specially crafted input parameters within these commands, an attacker can access arbitrary files on the system with System privileges. Reports indicate ransomware groups are exploiting these flaws to gain initial access to systems.

Recommendations: Versions prior to 21.2 should be updated to version 21.2 or later.

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2023-02422
CVE-2021-27876

Affected Products

Veritas Backup Exec