Main Vulnerability Database Exploits ID:8963 - Exploit for Improper Authentication in Backup Exec - CVE-2021-27878

ID:8963 - Exploit for Improper Authentication in Backup Exec - CVE-2021-27878

Published: April 5, 2023

Vulnerability identifier: #VU74472

Vulnerability risk: High

CVE-ID: CVE-2021-27878

CWE-ID: CWE-287

Exploitation vector: Remote access

Vulnerable software:
Backup Exec

Link to public exploit:

https://www.rapid7.com/db/modules/exploit/multi/veritas/beagent_sha_auth_rce

Vulnerability description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to an error in the SHA Authentication scheme. A remote user can use one of the data management protocol commands to execute an arbitrary command on the system using system privileges.

Remediation

Install updates from vendor's website.

ID:8963 - Exploit for Improper Authentication in Backup Exec - CVE-2021-27878

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human