CVE-2021-27877
HIGH KEV RANSOMWARE NUCLEIVeritas Backup Exec <21.2 - Privilege Escalation
Title source: llmExploitation Summary
CVE-2021-27877 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added April 7, 2023, with confirmed use in ransomware campaigns. A Nuclei detection template is also available.
Description
An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely exploit this scheme to gain unauthorized access to an Agent and execute privileged commands.
Nuclei Templates (1)
Veritas Backup Exec - Broken Authentication
HIGHVERIFIEDby pussycat0x,DhiyaneshDK
Shodan:
product:"Veritas Backup Exec"
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
https://www.veritas.com/content/support/en_US/security/VTS21-001#issue1
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/168506/Veritas-Backup-Exec-Agent-Remote-Code-Execution.html
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-27877
Scores
CVSS v3
8.2
EPSS
0.4034
EPSS Percentile
97.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
yes
Technical Impact
partial
Details
CISA KEV
2023-04-07
VulnCheck KEV
2023-04-03
InTheWild.io
2023-04-07
ENISA EUVD
EUVD-2021-14615
Ransomware Use
Confirmed
Status
published
Products (1)
veritas/backup_exec
< 21.2
Published
Mar 01, 2021
KEV Added
Apr 07, 2023
Tracked Since
Feb 18, 2026