Symantec Backup Exec 12.5 MiTM Attack

2011.07.11

Credit: Nibin

Risk: Medium

Local: Yes

Remote: Yes

CVE: CVE-2011-0546

CWE: CWE-20

CVSS Base Score: 6.5/10

Impact Subscore: 10/10

Exploitability Subscore: 2.5/10

Exploit range: Adjacent network

Attack complexity: High

Authentication: Single time

Confidentiality impact: Complete

Integrity impact: Complete

Availability impact: Complete

Exploit Title: Symantec Backup Exec MiTM Attack
Date: 27/05/2011
Author: Nibin
Software Link: http://www.symantec.com/business/products/family.jsp?familyid=backupexec
Version:
 - Symantec Backup Exec for Windows Servers versions 11.0, 12.0, and 12.5
 - Symantec Backup Exec 2010 versions 13.0 and 13.0 R2
Tested on: Tested on Symantec Backup Exec 12.5 for Windows Servers
CVE : CVE-2011-0546
BID: 47824

Symantec Disclosure link:
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110526_00
iViZ Disclosure link: goo.gl/1vzdE

Exploit Code: http://www.exploit-db.com/sploits/SymantecReplay.zip

References:

http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110526_00

http://www.securityfocus.com/bid/47824

http://secunia.com/advisories/44698

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Symantec Backup Exec 12.5 MiTM Attack

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.