CVE-2017-8895

CRITICAL

Veritas Backup Exec <16 FP1 - Use After Free

Title source: llm

Description

In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this vulnerability to crash the agent or potentially take control of the agent process and then the system it is running on.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/42282

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by Matthew Daley · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/backupexec/ssl_uaf.rb

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/98386

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038561

[Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/42282/

[Patch, Vendor Advisory] https://www.veritas.com/content/support/en_US/security/VTS17-006.html#Issue1

Scores

CVSS v3 9.8

EPSS 0.6706

EPSS Percentile 98.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (1)

veritas/backup_exec < 14.1.1786.1126

Published May 10, 2017

Tracked Since Feb 18, 2026