Vulnerability CVE-2017-8895


Published: 2017-05-10

Description:
In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An authenticated attacker can use this vulnerability to crash the agent or potentially take control of the agent process and then the system it is running on.

See advisories in our WLB2 database:
Topic: Veritas/Symantec Backup Exec - SSL NDMP Connection Use-After-Free (High)
Date: 30.06.2017

Type: CWE-416 (Use After Free)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software:
Veritas -> Backup Exec

References:
http://www.securityfocus.com/bid/98386
http://www.securitytracker.com/id/1038561
https://www.exploit-db.com/exploits/42282/
https://www.veritas.com/content/support/en_US/security/VTS17-006.html#Issue1

Copyright 2024, cxsecurity.com

 
