Vulnerability Details : CVE-2021-27876
Public exploit exists!
Used for ransomware!
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. By using crafted input parameters in one of these commands, an attacker can access an arbitrary file on the system using System privileges.
Vulnerability category: BypassGain privilege
Products affected by CVE-2021-27876
- cpe:2.3:a:veritas:backup_exec:*:*:*:*:*:*:*:*
CVE-2021-27876 is in the CISA Known Exploited Vulnerabilities Catalog
This issue is known to have been leveraged as part of a ransomware campaign.
CISA vulnerability name:
Veritas Backup Exec Agent File Access Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Veritas Backup Exec (BE) Agent contains a file access vulnerability that could allow an attacker to specially craft input parameters on a data management protocol command to access files on the BE Agent machine.
Notes:
https://www.veritas.com/support/en_US/security/VTS21-001; https://nvd.nist.gov/vuln/detail/CVE-2021-27876
Added on
2023-04-07
Action due date
2023-04-28
Exploit prediction scoring system (EPSS) score for CVE-2021-27876
74.31%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2021-27876
-
Veritas Backup Exec Agent Remote Code Execution
Disclosure Date: 2021-03-01First seen: 2022-12-23exploit/multi/veritas/beagent_sha_auth_rceAuthors: - Alexander Korotin <0xc0rs@gmail.com>
CVSS scores for CVE-2021-27876
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:S/C:C/I:P/A:N |
8.0
|
7.8
|
NIST | |
8.1
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
2.8
|
5.2
|
MITRE | |
8.1
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
2.8
|
5.2
|
NIST |
CWE ids for CVE-2021-27876
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-27876
-
https://www.veritas.com/content/support/en_US/security/VTS21-001#issue2
Security Advisory for Backup Exec version 21.2 | Veritas™Vendor Advisory
-
http://packetstormsecurity.com/files/168506/Veritas-Backup-Exec-Agent-Remote-Code-Execution.html
Veritas Backup Exec Agent Remote Code Execution ≈ Packet StormExploit;Third Party Advisory;VDB Entry
Jump to