Metasploit modules that can be used to exploit Veritas products
-
Spring Framework Class property RCE (Spring4Shell)
Disclosure Date: 2022-03-31First seen: 2022-12-23exploit/multi/http/spring_framework_rce_spring4shellSpring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions when running on JDK 9 or above and specifically packaged as a traditional WAR and deployed in a standalone Tomcat instance are vulnerable to remote code execution due to an unsafe data binding used to populate an object from request parameters to set a Tomcat specific ClassLoader. By crafting a request to the application and referencing the org.apache.catalina.valves.AccessLogValve class through the classLoader with parameters such as the following: class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp, an unauthenticated attacker can gain remote code execution. Authors: - vleminator <vleminator@gmail.com> -
Veritas Backup Exec Agent Remote Code Execution
Disclosure Date: 2021-03-01First seen: 2022-12-23exploit/multi/veritas/beagent_sha_auth_rceAuthors: - Alexander Korotin <0xc0rs@gmail.com> -
Veritas Backup Exec Agent Remote Code Execution
Disclosure Date: 2021-03-01First seen: 2022-12-23exploit/multi/veritas/beagent_sha_auth_rceAuthors: - Alexander Korotin <0xc0rs@gmail.com> -
Veritas Backup Exec Agent Remote Code Execution
Disclosure Date: 2021-03-01First seen: 2022-12-23exploit/multi/veritas/beagent_sha_auth_rceAuthors: - Alexander Korotin <0xc0rs@gmail.com> -
Veritas/Symantec Backup Exec SSL NDMP Connection Use-After-Free
Disclosure Date: 2017-05-10First seen: 2020-04-26exploit/windows/backupexec/ssl_uafThis module exploits a use-after-free vulnerability in the handling of SSL NDMP connections in Veritas/Symantec Backup Exec's Remote Agent for Windows. When SSL is re-established on a NDMP connection that previously has had SSL established, the BIO struct for the connection's previous SSL session is reused, even though it has previously been freed. This module supports 3 specific versions of the Backup Exec agent in the 14, 15 and 16 series on 64-bit and 32-bit versions of Windows and has been tested from Vista to Windows 10. The check command can help narrow down what major and minor revision is installed and the precise of version of Windows, but some other information may be required to make a reliable choice of target. NX, ASLR and Windows 8+ anti-ROP mitigations are bypassed. On Windows 8+, it has a reliability of around 85%. On other versions of Windows, reliability is around 35% (due to the need to win a race condition across the network in this case; this may drop further depending on network conditions). The agent is normally installed on all hosts in a domain that need to be backed up, so if one service crashes, try again on another :) Successful exploitation will give remote code execution as the user of the Backup Exec Remote Agent for Windows service, almost always NT AUTHORITY\SYSTEM. Authors: - Matthew Daley -
VERITAS NetBackup Remote Command Execution
Disclosure Date: 2004-10-21First seen: 2020-04-26exploit/multi/misc/veritas_netbackup_cmdexecThis module allows arbitrary command execution on an ephemeral port opened by Veritas NetBackup, whilst an administrator is authenticated. The port is opened and allows direct console access as root or SYSTEM from any source address. Authors: - aushack <patrick@osisecurity.com.au>
6 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers.
Visit metasploit web site for more details