CVE-2021-27878
Published Mar 1, 2021
Last updated a month ago
AI description
CVE-2021-27878 is a vulnerability in Veritas Backup Exec versions before 21.2. Communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS connection. A flaw in the SHA Authentication scheme allows an attacker to gain unauthorized access and complete the authentication process. The authenticated client can then execute data management protocol commands, one of which can be used to run an arbitrary command on the system with system privileges.
- Description: An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. The attacker could use one of these commands to execute an arbitrary command on the system using system privileges.
- Source: cve@mitre.org
- NVD status: Analyzed
- Products: backup_exec
CVSS 3.1
- Type: Primary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
CVSS 2.0
- Type: Primary
- Base score: 9
- Impact score: 10
- Exploitability score: 8
- Vector string: AV:N/AC:L/Au:S/C:C/I:C/A:C
Data from CISA
- Vulnerability name: Veritas Backup Exec Agent Command Execution Vulnerability
- Exploit added on: Apr 7, 2023
- Exploit action due: Apr 28, 2023
- Required action: Apply updates per vendor instructions.
- Hype score: Not currently trending
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d): - CVE-2021-27876 (Veritas Veritas..) +273.78% - CVE-2022-24521 (CLFS..) +238.29% - CVE-2021-27878 (Veritas Veritas..) +163.49% - CVE-2023-27351 (PaperCut Applic..) +95.65% - CVE-2023-20269 (ASA..) +82.95%
@DefusedCyber
22 Nov 2025
2032 Impressions
1 Retweet
12 Likes
5 Bookmarks
1 Reply
1 Quote
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d): - CVE-2025-61882 (Oracle E-Busine..) +198818.60% - CVE-2021-27877 (Veritas Veritas..) +2502.74% - CVE-2025-29824 (CLFS..) +233.72% - CVE-2021-30116 (Kaseya VSA..) +228.66% - CVE-2021-27878 (Veritas Veritas..)
@DefusedCyber
27 Oct 2025
2764 Impressions
3 Retweets
14 Likes
5 Bookmarks
1 Reply
1 Quote
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d): - CVE-2025-61882 (Oracle E-Busine..) +191397.67% - CVE-2021-27878 (Veritas Veritas..) +167.85% - CVE-2021-27877 (Veritas Veritas..) +151.55% - CVE-2021-27102 (Accellion File ..) +38.22% - CVE-2021-26857 (Exchang
@DefusedCyber
20 Oct 2025
1792 Impressions
7 Retweets
18 Likes
6 Bookmarks
1 Reply
1 Quote
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d): - CVE-2025-61882 (Oracle E-Busine..) +184037.21% - CVE-2021-26857 (Exchange On-Pre..) +384.58% - CVE-2021-27878 (Veritas Veritas..) +202.15% - CVE-2021-27877 (Veritas Veritas..) +183.71% - CVE-2021-27102 (Accell
@DefusedCyber
13 Oct 2025
12527 Impressions
14 Retweets
102 Likes
47 Bookmarks
1 Reply
1 Quote
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:veritas:backup_exec:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E6F2EEE-7E5A-4EA1-87F2-97C26EAE8FCC",
            "versionEndExcluding": "21.2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]