CVE-2021-27877
Published Mar 1, 2021
Last updated a month ago
AI description
CVE-2021-27877 is an authentication vulnerability found in Veritas Backup Exec versions before 21.2. The software supports multiple authentication schemes, one of which is SHA authentication. Although this scheme was no longer in use, it had not been disabled. This vulnerability allows a remote attacker to exploit the SHA authentication scheme. Successful exploitation could lead to unauthorized access to the Backup Exec Agent, allowing the attacker to execute privileged commands on the system.
- Description
- An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely exploit this scheme to gain unauthorized access to an Agent and execute privileged commands.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- Products
- backup_exec
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Data from CISA
- Vulnerability name
- Veritas Backup Exec Agent Improper Authentication Vulnerability
- Exploit added on
- Apr 7, 2023
- Exploit action due
- Apr 28, 2023
- Required action
- Apply updates per vendor instructions.
- Hype score
- Not currently trending
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d): - CVE-2024-40766 (SonicOS SSL-VPN..) +64.88% - CVE-2022-27510 (NetScaler ADC..) +21.33% - CVE-2022-27510 (Gateway..) +21.33% - CVE-2021-27877 (Veritas Veritas..) +15.37% - CVE-2021-27876 (Veritas Veritas..) +14.
@DefusedCyber
1 Dec 2025
7197 Impressions
2 Retweets
23 Likes
9 Bookmarks
2 Replies
2 Quotes
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d): - CVE-2021-27877 (Veritas Veritas..) +934.92% - CVE-2025-29824 (CLFS..) +289.16% - CVE-2021-30116 (Kaseya VSA..) +223.20% - CVE-2022-24521 (CLFS..) +208.83% - CVE-2023-20269 (ASA..) +168.29%
@DefusedCyber
11 Nov 2025
1497 Impressions
1 Retweet
13 Likes
3 Bookmarks
0 Replies
0 Quotes
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d): - CVE-2025-61882 (Oracle E-Busine..) +186086.05% - CVE-2021-27877 (Veritas Veritas..) +879.54% - CVE-2023-20269 (ASA..) +302.13% - CVE-2023-20269 (FTD..) +302.13% - CVE-2025-29824 (CLFS..) +289.16%
@DefusedCyber
3 Nov 2025
12360 Impressions
14 Retweets
55 Likes
13 Bookmarks
1 Reply
1 Quote
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d): - CVE-2025-61882 (Oracle E-Busine..) +198818.60% - CVE-2021-27877 (Veritas Veritas..) +2502.74% - CVE-2025-29824 (CLFS..) +233.72% - CVE-2021-30116 (Kaseya VSA..) +228.66% - CVE-2021-27878 (Veritas Veritas..)
@DefusedCyber
27 Oct 2025
2764 Impressions
3 Retweets
14 Likes
5 Bookmarks
1 Reply
1 Quote
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d): - CVE-2025-61882 (Oracle E-Busine..) +191397.67% - CVE-2021-27878 (Veritas Veritas..) +167.85% - CVE-2021-27877 (Veritas Veritas..) +151.55% - CVE-2021-27102 (Accellion File ..) +38.22% - CVE-2021-26857 (Exchang
@DefusedCyber
20 Oct 2025
1792 Impressions
7 Retweets
18 Likes
6 Bookmarks
1 Reply
1 Quote
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d): - CVE-2025-61882 (Oracle E-Busine..) +184037.21% - CVE-2021-26857 (Exchange On-Pre..) +384.58% - CVE-2021-27878 (Veritas Veritas..) +202.15% - CVE-2021-27877 (Veritas Veritas..) +183.71% - CVE-2021-27102 (Accell
@DefusedCyber
13 Oct 2025
12527 Impressions
14 Retweets
102 Likes
47 Bookmarks
1 Reply
1 Quote
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:backup_exec:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2E6F2EEE-7E5A-4EA1-87F2-97C26EAE8FCC",
"versionEndExcluding": "21.2"
}
],
"operator": "OR"
}
]
}
]