Vulnerability Details : CVE-2017-8895
Public exploit exists!
In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this vulnerability to crash the agent or potentially take control of the agent process and then the system it is running on.
Vulnerability category: Memory CorruptionExecute codeDenial of service
Products affected by CVE-2017-8895
- cpe:2.3:a:veritas:backup_exec:*:*:*:*:*:*:*:*
- cpe:2.3:a:veritas:backup_exec:*:*:*:*:*:*:*:*
- cpe:2.3:a:veritas:backup_exec:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-8895
73.84%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2017-8895
-
Veritas/Symantec Backup Exec SSL NDMP Connection Use-After-Free
Disclosure Date: 2017-05-10First seen: 2020-04-26exploit/windows/backupexec/ssl_uafThis module exploits a use-after-free vulnerability in the handling of SSL NDMP connections in Veritas/Symantec Backup Exec's Remote Agent for Windows. When SSL is re-established on a NDMP connection that previously has had SSL established, the BIO struct for the con
CVSS scores for CVE-2017-8895
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2017-8895
-
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-8895
-
http://www.securitytracker.com/id/1038561
Veritas BackupExec Use-After-Free Memory Error Lets Remote Users Execute Arbitrary Code on the Target System - SecurityTrackerThird Party Advisory;VDB Entry
-
https://www.exploit-db.com/exploits/42282/
Veritas/Symantec Backup Exec - SSL NDMP Connection Use-After-Free (Metasploit)Third Party Advisory;VDB Entry
-
https://www.veritas.com/content/support/en_US/security/VTS17-006.html#Issue1
VTS17-006: Use-After-Free Vulnerability in Multiple Veritas Backup Exec Agents | Veritas™Patch;Vendor Advisory
-
http://www.securityfocus.com/bid/98386
Veritas Backup Exec Use After Free Remote Code Execution VulnerabilityThird Party Advisory;VDB Entry
Jump to