Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2021-27876
CVE-2021-27876:
Veritas Backup Exec Agent vulnerability analysis and mitigation
Overview
A critical vulnerability (CVE-2021-27876) was discovered in Veritas Backup Exec versions prior to 21.2. The vulnerability exists in the SHA Authentication scheme, allowing an attacker to gain unauthorized access and complete the authentication process, potentially leading to arbitrary file access with System privileges. The vulnerability was disclosed on March 1, 2021, and affects all Veritas Backup Exec agents on all platforms running versions 16.x, 20.x, and 21.1 (Veritas Advisory).
Technical details
The vulnerability stems from a flaw in the communication between a client and Veritas Backup Exec Agent. While the communication typically requires successful authentication over secure TLS, the vulnerability in the SHA Authentication scheme enables unauthorized access. Once authenticated, an attacker can execute data management protocol commands and use crafted input parameters to access arbitrary files on the system with System privileges. The vulnerability has been assigned a CVSS v3.1 base score of 8.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N (NIST NVD, Veritas Advisory).
Impact
The successful exploitation of this vulnerability allows attackers to gain unauthorized access to the system and read or modify arbitrary files with System privileges. This vulnerability is particularly concerning as it has been added to CISA's Known Exploited Vulnerabilities Catalog, indicating active exploitation in the wild. Furthermore, it has been associated with potential ransomware attacks (CISA Alert, Veritas Advisory).
Mitigation and workarounds
The primary mitigation is to upgrade to Veritas Backup Exec version 21.2 or later. For systems that cannot be immediately updated, a temporary mitigation involves checking for and modifying a specific registry key: 'Software\Veritas\Backup Exec For Windows\Backup Exec\Engine\Agents\XBSA\Machine\DBAID'. If the key doesn't exist, create it as type string (REGSZ) and set a random hexadecimal string value to prevent exploitation of the SHA authentication scheme ([Veritas Advisory](https://www.veritas.com/content/support/enUS/security/VTS21-001#issue2)).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management