CVE-2021-27877
Published Mar 1, 2021
Last updated 2 days ago
AI description
CVE-2021-27877 is an authentication vulnerability found in Veritas Backup Exec versions before 21.2. The software supports multiple authentication schemes, one of which is SHA authentication. Although this scheme was no longer in use, it had not been disabled. This vulnerability allows a remote attacker to exploit the SHA authentication scheme. Successful exploitation could lead to unauthorized access to the Backup Exec Agent, allowing the attacker to execute privileged commands on the system.
- Description
- An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely exploit this scheme to gain unauthorized access to an Agent and execute privileged commands.
- Source
- cve@mitre.org
- NVD status
- Modified
- Products
- backup_exec
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Data from CISA
- Vulnerability name
- Veritas Backup Exec Agent Improper Authentication Vulnerability
- Exploit added on
- Apr 7, 2023
- Exploit action due
- Apr 28, 2023
- Required action
- Apply updates per vendor instructions.
- Hype score
- Not currently trending
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d): - CVE-2025-61882 (Oracle E-Busine..) +191397.67% - CVE-2021-27878 (Veritas Veritas..) +167.85% - CVE-2021-27877 (Veritas Veritas..) +151.55% - CVE-2021-27102 (Accellion File ..) +38.22% - CVE-2021-26857 (Exchang
@DefusedCyber
20 Oct 2025
1792 Impressions
7 Retweets
18 Likes
6 Bookmarks
1 Reply
1 Quote
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d): - CVE-2025-61882 (Oracle E-Busine..) +184037.21% - CVE-2021-26857 (Exchange On-Pre..) +384.58% - CVE-2021-27878 (Veritas Veritas..) +202.15% - CVE-2021-27877 (Veritas Veritas..) +183.71% - CVE-2021-27102 (Accell
@DefusedCyber
13 Oct 2025
12527 Impressions
14 Retweets
102 Likes
47 Bookmarks
1 Reply
1 Quote
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:backup_exec:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2E6F2EEE-7E5A-4EA1-87F2-97C26EAE8FCC",
"versionEndExcluding": "21.2"
}
],
"operator": "OR"
}
]
}
]