#VU42679 Information disclosure in Backup Exec - CVE-2013-4678


Updated: 2020-08-11

Vulnerability identifier: #VU42679

Vulnerability risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2013-4678

CWE-ID: CWE-200

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Backup Exec
Client/Desktop applications / Multimedia software

Vendor: Veritas Technologies

Description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The NDMP protocol implementation in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote authenticated users to obtain sensitive host-version information via unspecified vectors.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Backup Exec: 2010_r3 - 2012


External links
https://www.securityfocus.com/bid/61488
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

