CVE-2021-27877

HIGH KEV RANSOMWARE NUCLEI

Veritas Backup Exec <21.2 - Privilege Escalation

Title source: llm

Description

An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely exploit this scheme to gain unauthorized access to an Agent and execute privileged commands.

Nuclei Templates (1)

Veritas Backup Exec - Broken Authentication

HIGHVERIFIEDby pussycat0x,DhiyaneshDK

Shodan: product:"Veritas Backup Exec"

References (3)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/168506/Veritas-Backup-Exec-Agent-Remote-Code-Execution.html

[Vendor Advisory] https://www.veritas.com/content/support/en_US/security/VTS21-001#issue1

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-27877

Scores

CVSS v3 8.2

EPSS 0.4073

EPSS Percentile 97.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Details

CISA KEV 2023-04-07

VulnCheck KEV 2023-04-03

InTheWild.io 2023-04-07

ENISA EUVD EUVD-2021-14615

Ransomware Use Confirmed

Status published

Products (1)

veritas/backup_exec < 21.2

Published Mar 01, 2021

KEV Added Apr 07, 2023

Tracked Since Feb 18, 2026