CVE-2021-27877 — Veritas Backup Exec Agent Improper Authentication Vulnerability
2023-04-07 • CISA Known Exploited Vulnerability
[event] Veritas Backup Exec (BE) Agent contains an improper authentication vulnerability that could allow an attacker unauthorized access to the BE Agent via SHA authentication scheme.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Veritas |
| Product | Backup Exec Agent |
| CWE | CWE-287 |
| CVE ID | CVE-2021-27877 |
| Date Added | 2023-04-07 |
| Due Date | 2023-04-28 |
| Ransomware Campaign | Known — this vulnerability has been leveraged in ransomware campaigns |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2023-04-28