Cyber Resilience

CVE-2021-27876

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · Ransomware-linked

Published: 01 March 2021

Modified: 03 November 2025
KEV Added: 07 April 2023
Patch
CVSS Score v3.1: 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 0.0091 (76.2th percentile)
Risk Priority: 37 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-27876 is a high-severity vulnerability of an unspecified weakness class in Veritas Backup Exec. Its CVSS base score is 8.1 (High).

Operationally, it ranks in the top 23.8% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).

Deeper analysis

The vulnerability is an authentication bypass in the SHA Authentication scheme used by Veritas Backup Exec prior to version 21.2. Although client-to-Agent communication is normally protected by TLS, a flaw in the scheme allows an attacker to complete the authentication process without valid credentials. Once authenticated, the client can issue data management protocol commands, and specially crafted parameters in one of those commands permit access to arbitrary files on the target system under System privileges.

An attacker with network access and low privileges can exploit the flaw remotely without user interaction. Successful exploitation grants the ability to read or write arbitrary files with full system rights, resulting in high confidentiality and integrity impact.

The vendor advisory VTS21-001 and associated references indicate that the issue is resolved in Backup Exec 21.2 and later. The vulnerability is also listed in CISA's Known Exploited Vulnerabilities catalog, and public proof-of-concept material for remote code execution has been published.

No additional real-world exploitation details or AI/ML relevance are provided in the source information.

EU & UK References

Vulnerability details

An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. By using crafted input parameters in one of these commands, an attacker can access an arbitrary file on the system using System privileges.

CWE(s)
KEV Date Added: 07 April 2023

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: veritas
Product: backup exec
Affected versions: ≤ 21.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Directly enforces access decisions so that even an authenticated connection cannot execute data-management commands that read or write arbitrary files with System privileges.

Prevent: Requires cryptographically sound identification and authentication of remote clients, blocking the SHA-scheme bypass that allows unauthenticated access.

Prevent: Validates command parameters before they are processed, preventing crafted inputs from being used to access arbitrary files on the authenticated session.

References