ID:4364 - Exploit for Input validation error in Backup Exec - CVE-2011-0546

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:4364 - Exploit for Input validation error in Backup Exec - CVE-2011-0546

ID:4364 - Exploit for Input validation error in Backup Exec - CVE-2011-0546

Published: August 11, 2020


Vulnerability identifier: #VU45012
Vulnerability risk: Medium
CVE-ID: CVE-2011-0546
CWE-ID: CWE-20
Exploitation vector: Adjecent network
Vulnerable software:
Backup Exec

Link to public exploit:


Vulnerability description

The vulnerability allows a remote #AU# to execute arbitrary code.

Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not validate identity information sent between the media server and the remote agent, which allows man-in-the-middle attackers to execute NDMP commands via unspecified vectors.


Remediation

Install update from vendor's website.