CVE-2021-27877
Veritas Backup Exec Agent vulnerability analysis and mitigation

Overview

An authentication vulnerability was discovered in Veritas Backup Exec before version 21.2, identified as CVE-2021-27877. The software supports multiple authentication schemes, including SHA authentication, which, although no longer used by current versions, remained enabled. The vulnerability was disclosed on March 1, 2021, and affects all Veritas Backup Exec versions 16.x, 20.x, and 21.1 across all platforms (Veritas Advisory).

Technical details

The vulnerability allows remote attackers to exploit the SHA authentication scheme to gain unauthorized access to the Backup Exec Agent and execute privileged commands. The issue received a CVSS v3.1 base score of 9.8 (Critical) from NVD and 8.2 (High) from MITRE, with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and no required privileges or user interaction (NVD).

Impact

If exploited, this vulnerability enables attackers to gain unauthorized access to the Backup Exec Agent and execute privileged commands on the system. The vulnerability has been associated with ransomware attacks, making it particularly critical for organizations to address (Veritas Advisory).

Mitigation and workarounds

The vulnerability has been fixed in Veritas Backup Exec version 21.2. For systems that cannot be updated immediately, the mitigation is to check for and configure a specific registry value: 'Software\Veritas\Backup Exec For Windows\Backup Exec\Engine\Agents\XBSA\Machine\DBAID'. If it does not exist, it should be created as a string (REG_SZ) with a random hexadecimal value, which prevents exploitation of the SHA authentication scheme ([Veritas Advisory](https://www.veritas.com/content/support/en_US/security/VTS21-001#issue1)).
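The workaround above as an added PowerShell example (not Veritas' own tooling): it audits the DBAID value and creates it only when missing. It assumes the key lives under HKLM, since the advisory path omits the hive, and that a 32-character hex string is an acceptable DBAID value; neither detail is stated on the page.

```powershell
# Added example, not Veritas code. Audits/applies the VTS21-001 DBAID workaround.
# Assumptions: the key sits under HKLM (hive not given in the advisory) and a
# 32-hex-character random value is acceptable (length not given in the advisory).
$KeyPath   = 'HKLM:\Software\Veritas\Backup Exec For Windows\Backup Exec\Engine\Agents\XBSA\Machine'
$ValueName = 'DBAID'

function New-RandomHexString {
    param([int]$ByteCount = 16)   # 16 random bytes -> 32 hex characters (assumed length)
    $bytes = New-Object byte[] $ByteCount
    # Use the CSPRNG rather than Get-Random so the value is unpredictable.
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    return -join ($bytes | ForEach-Object { $_.ToString('x2') })
}

function Test-DbaidWorkaround {
    # $true only when DBAID exists, is of type REG_SZ, and is non-empty.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if (-not $item) { return $false }
    $kind = (Get-Item -Path $KeyPath).GetValueKind($ValueName)
    return ($kind -eq 'String') -and -not [string]::IsNullOrEmpty($item.$ValueName)
}

function Set-DbaidWorkaround {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if (Test-DbaidWorkaround) {
        Write-Host "DBAID already configured under $KeyPath; nothing to do."
        return
    }
    if ($PSCmdlet.ShouldProcess($KeyPath, "Create REG_SZ value '$ValueName'")) {
        # Create the parent key if absent, then the value. On a host without the
        # Backup Exec Agent this merely leaves an inert key behind.
        if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
        New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType String `
            -Value (New-RandomHexString) | Out-Null
        Write-Host "Created $ValueName under $KeyPath"
    }
}

Set-DbaidWorkaround -WhatIf   # dry run from an elevated prompt; drop -WhatIf to apply
```

Run Test-DbaidWorkaround on its own across a fleet to report which hosts still lack the value; the workaround is a stopgap and upgrading to 21.2 remains the fix.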

Community reactions

The vulnerability's severity prompted CISA to add it to its Known Exploited Vulnerabilities (KEV) catalog on April 7, 2023, with a remediation due date of April 28, 2023. This action required Federal Civilian Executive Branch agencies to patch their systems according to the vendor's instructions (Hacker News).
