An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. By using crafted input parameters in one of these commands, an attacker can access an arbitrary file on the system using System privileges.
Published 2021-03-01 22:15:14
Updated 2022-09-27 20:14:17
Source MITRE
View at NVD,   CVE.org
Vulnerability category: BypassGain privilege

Products affected by CVE-2021-27876

CVE-2021-27876 is in the CISA Known Exploited Vulnerabilities Catalog

This issue is known to have been leveraged as part of a ransomware campaign.
CISA vulnerability name:
Veritas Backup Exec Agent File Access Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Veritas Backup Exec (BE) Agent contains a file access vulnerability that could allow an attacker to specially craft input parameters on a data management protocol command to access files on the BE Agent machine.
Notes:
https://www.veritas.com/support/en_US/security/VTS21-001; https://nvd.nist.gov/vuln/detail/CVE-2021-27876
Added on 2023-04-07 Action due date 2023-04-28

Exploit prediction scoring system (EPSS) score for CVE-2021-27876

74.31%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2021-27876

  • Veritas Backup Exec Agent Remote Code Execution
    Disclosure Date: 2021-03-01
    First seen: 2022-12-23
    exploit/multi/veritas/beagent_sha_auth_rce
    Authors: - Alexander Korotin <0xc0rs@gmail.com>

CVSS scores for CVE-2021-27876

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
7.5
HIGH AV:N/AC:L/Au:S/C:C/I:P/A:N
8.0
7.8
NIST
8.1
HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
2.8
5.2
MITRE
8.1
HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
2.8
5.2
NIST

CWE ids for CVE-2021-27876

  • When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
    Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-27876

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!