CVE-2021-27877
Published: 01 March 2021
Summary
CVE-2021-27877 is a high-severity vulnerability in Veritas Backup Exec; no specific weakness type (CWE) has been assigned. Its CVSS base score is 8.2 (High).
Operationally, it ranks in the top 2.6% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CM-7 (Least Functionality).
Deeper analysis
CVE-2021-27877 affects Veritas Backup Exec versions prior to 21.2. The product retained support for an unused SHA authentication scheme that had been superseded in current releases but was never disabled, leaving the Backup Exec Agent exposed to remote authentication abuse.
An unauthenticated remote attacker can exploit the scheme over the network to obtain unauthorized access to an Agent instance and execute privileged commands, resulting in high confidentiality impact and limited integrity impact according to the CVSS 8.2 vector.
The vendor advisory VTS21-001 and associated patches direct customers to upgrade to Backup Exec 21.2 or later to remove the legacy authentication path. Public exploit code has been published, and the vulnerability appears in the CISA Known Exploited Vulnerabilities catalog.
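To act on the affected-version range above, here is an added inventory triage script; it is example code written for this page, not Veritas tooling and not part of advisory VTS21-001. It assumes an exported CSV with host, product and version columns; the hostnames and version strings in it are constructed for illustration, and the only fact it relies on is the statement above that releases before 21.2 are affected and 21.2 or later carries the fix.

```python
"""Added triage example (not Veritas tooling): flag Backup Exec installs whose
version predates 21.2, the fixed release named in advisory VTS21-001."""
from __future__ import annotations

import csv
import io
import re

# CVE-2021-27877 affects Backup Exec before 21.2; 21.2 and later carry the fix.
FIXED_VERSION = (21, 2)

# Constructed sample inventory: hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = """host,product,version
bk-media-01,Veritas Backup Exec,21.1.1200
bk-agent-02,Backup Exec Agent for Windows,20.6
bk-media-03,Veritas Backup Exec,21.2.1200
file-srv-04,Backup Exec Agent for Windows,21.10
db-srv-05,Backup Exec Agent for Linux,v21 (Build 1200)
web-srv-06,Some Other Product,1.0
"""

_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)")


def parse_version(text: str) -> tuple[int, ...]:
    """Extract the first dotted number from strings like '21.2', '21.1.1200' or
    'v21 (Build 1200)' and return it as an integer tuple, so that '21.10' sorts
    after '21.2' (a plain string comparison would get that wrong)."""
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_affected(version: str) -> bool:
    """True when major.minor is below 21.2. Only the first two components are
    compared: build numbers such as 21.2.1200 are already fixed, and a bare
    '21' compares as a shorter tuple, i.e. before 21.2, so it is flagged."""
    return parse_version(version)[:2] < FIXED_VERSION


def triage(inventory_csv: str) -> list[dict[str, str]]:
    """Return the Backup Exec rows (media servers and Agents) that still need the
    21.2 upgrade; rows for unrelated products are skipped."""
    affected = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if "backup exec" not in row["product"].lower():
            continue
        if is_affected(row["version"]):
            affected.append({
                "host": row["host"],
                "version": row["version"],
                "action": "upgrade to Backup Exec 21.2 or later (VTS21-001)",
            })
    return affected


if __name__ == "__main__":
    for entry in triage(SAMPLE_INVENTORY):
        print(f"{entry['host']}: {entry['version']} -> {entry['action']}")
```

The version parser is deliberately tolerant of CMDB noise ("v21", build suffixes) because that is where such lists usually come from; what it does not check is whether an Agent is reachable from untrusted networks, which is the interim control while the upgrade is rolled out.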
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-14615
Vulnerability details
An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely exploit this scheme to gain unauthorized access to an Agent and execute privileged commands.
- CWE(s): none assigned (unspecified weakness)
- KEV Date Added: 07 April 2023
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Veritas Backup Exec before 21.2, including the Backup Exec Agent reachable over the network.
Mitigating Controls (NIST 800-53 r5)
- CM-7 (Least Functionality): directly requires disabling or restricting the unused SHA authentication scheme that remained enabled in the Backup Exec Agent.
- AC-3 (Access Enforcement): enforces that only valid, current authentication mechanisms may grant access to the Agent, blocking exploitation of the legacy SHA path.
- Also relevant: management and disabling of obsolete authenticator types and schemes that are no longer intended for use.