External risk intelligence

Veritas Backup Exec Agent Remote Access Vulnerability

CVE advisory | Known Exploit

CVE-2021-27877

A vulnerability in Veritas Backup Exec Agent's authentication scheme allows remote, unauthorized access and command execution. Affected organizations face risks of data compromise and system control. The issue stems from an older authentication method that remained enabled.

2 Halo Surface Signal

Veritas Backup Exec, versions before 21.2

External exposure likelihood

Halo Surface Signal score for CVE-2021-27877

This vulnerability affects a backup agent service. While network-reachable within a corporate environment, these agents are typically deployed in internal, segmented infrastructure for data protection and are rarely exposed directly to the public internet by design.

Horizon Alert

Summary of the vulnerability and why it matters

A vulnerability in Veritas Backup Exec Agent's SHA authentication scheme could allow an attacker to gain unauthorized access and execute privileged commands remotely. This flaw exists because the authentication scheme, though no longer used in current versions, had not been fully disabled. The potential business impact includes unauthorized access to sensitive data and system compromise.

  • Vulnerable backup agent authentication
  • Remote unauthorized access and command execution
  • Data compromise and system impact

Attack Path

How an attacker could exploit the issue

An issue in Veritas Backup Exec allows an attacker to remotely access an Agent and execute privileged commands. This is possible because the system supports an older SHA authentication scheme that had not yet been disabled. The attacker can exploit this scheme to gain unauthorized access.

  • Exposed Agent
  • Attacker gains access
  • Unauthorized commands executed

Live Threat

Current exploitation, exposure, and threat context

This vulnerability allows an attacker to gain unauthorized access to a Veritas Backup Exec Agent and execute privileged commands. The exploit can be performed remotely, requiring no user interaction. Successful exploitation could lead to significant data compromise and system control.

  • Attackers with basic technical skills.
  • No prior access or conditions needed.
  • High business risk, requires urgent attention.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

An issue exists within Veritas Backup Exec versions prior to 21.2 that could allow an attacker to gain unauthorized access and execute privileged commands. This vulnerability is related to an older SHA authentication scheme that had not been disabled. Organizations are advised to take specific actions to address this risk.

  • Identify all Veritas Backup Exec assets.
  • Reduce exposure by disabling the authentication scheme.
  • Apply vendor fixes, verify remediation, and monitor for issues.
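The first and last steps above can be run as an inventory triage. This is an added example, not code from Veritas or from this advisory. It assumes a CSV asset export with hypothetical columns host, product, version and segment, and versions recorded in release form ("21.1"); any other version format is sent to manual review rather than guessed, because the advisory states the bound only as "before 21.2".

```python
import csv
import io
import re

FIXED_RELEASE = (21, 2)  # from the advisory: affected versions are "before 21.2"

# Constructed sample inventory: hosts, segments and column names are hypothetical.
SAMPLE_INVENTORY = """host,product,version,segment
bkp-media-01,Veritas Backup Exec,21.2,internal
fs-agent-07,Veritas Backup Exec,21.1,internal
db-agent-03,Veritas Backup Exec,20.6,dmz
app-agent-11,Veritas Backup Exec,21.0.1234.5,internal
web-agent-02,Veritas Backup Exec,unknown,dmz
mail-01,Other Backup Tool,9.1,internal
"""

# Accept only "major" or "major.minor" release strings.
RELEASE_RE = re.compile(r"^(\d+)(?:\.(\d+))?$")

def classify(version):
    """Return 'fixed', 'affected' or 'review' for a recorded version string."""
    m = RELEASE_RE.match(version.strip())
    if not m:
        return "review"  # build-number or free-text value: do not guess
    release = (int(m.group(1)), int(m.group(2) or 0))
    return "fixed" if release >= FIXED_RELEASE else "affected"

def triage(inventory_csv):
    """Return Backup Exec hosts that still need action, non-internal first."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if "backup exec" not in row["product"].lower():
            continue
        status = classify(row["version"])
        if status != "fixed":
            findings.append((row["host"], row["version"], row["segment"], status))
    # The advisory notes agents normally sit in internal segments, so any
    # host recorded elsewhere is the exception and sorts to the top.
    findings.sort(key=lambda f: (f[2] == "internal", f[0]))
    return findings

if __name__ == "__main__":
    for host, version, segment, status in triage(SAMPLE_INVENTORY):
        print(f"{host:14} {version:14} {segment:9} {status}")
```

Re-running the same triage after patching and expecting an empty result is a simple way to cover the "verify remediation" step.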

Frequently asked questions

What is Veritas Backup Exec?

Veritas Backup Exec is a software solution designed for data backup and recovery. It assists organizations in safeguarding their information by creating data copies that can be restored if data loss occurs. It offers support for a wide range of systems and applications, making it a prevalent tool for data protection strategies.

How does CVE-2021-27877 enable unauthorized access?

CVE-2021-27877 is a vulnerability within Veritas Backup Exec's authentication mechanisms. An outdated authentication method, SHA authentication, which was not actively used but also not disabled, could be exploited by malicious actors. This flaw allows them to bypass security controls and obtain unauthorized access to an Agent, enabling the execution of privileged commands.

What is the attack path for CVE-2021-27877?

The attack path involves exploiting an older SHA authentication scheme within Veritas Backup Exec. This scheme, though no longer in current use, remained enabled. An attacker can leverage this weakness to remotely access an Agent and execute privileged commands without needing any specific user interaction or prior access.

What is the relevance of CVE-2021-27877?

This vulnerability presents a significant risk as it allows for remote unauthorized access and the execution of privileged commands on Veritas Backup Exec Agents. The potential business impact includes unauthorized access to sensitive data and the compromise of system integrity. While network-reachable within corporate environments, these agents are typically in segmented internal infrastructure and not directly exposed to the public internet.

What practical steps should be taken for CVE-2021-27877?

Organizations should identify all Veritas Backup Exec assets, reduce exposure by disabling the vulnerable SHA authentication scheme if possible, and apply vendor-provided fixes for versions prior to 21.2. It is crucial to verify that remediation efforts are successful and to continuously monitor for any signs of compromise or related issues.

References