CVE-2011-0546

Symantec Backup Exec 11.0-13.0 R2 - Unauthenticated NDMP Command Execution via Man-in-the-Middle

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-0546. PoCs published by Nibin.

AI-analyzed exploit summary This is a writeup describing a Man-in-the-Middle (MiTM) attack against Symantec Backup Exec. It references an external exploit code archive but does not contain actual exploit code in the provided text.

Description

Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not validate identity information sent between the media server and the remote agent, which allows man-in-the-middle attackers to execute NDMP commands via unspecified vectors.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Nibin · textremotewindows
https://www.exploit-db.com/exploits/17517

This is a writeup describing a Man-in-the-Middle (MiTM) attack against Symantec Backup Exec. It references an external exploit code archive but does not contain actual exploit code in the provided text.

Classification
Writeup 90%
Attack Type
Other
Complexity
Moderate
Reliability
Theoretical
Target: Symantec Backup Exec for Windows Servers versions 11.0, 12.0, 12.5, 13.0, and 13.0 R2
No auth needed
Prerequisites: Network access to intercept traffic between client and server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=131489365508507&w=2
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8300
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/44698
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/47824

Scores

EPSS 0.0160
EPSS Percentile 72.8%

Details

CWE
CWE-20
Status published
Products (4)
symantec/backup_exec 11.0
symantec/backup_exec 12.0
symantec/backup_exec 12.5
symantec/backup_exec 13.0 (2 CPE variants)
Published May 31, 2011
Tracked Since Feb 18, 2026