CVE-2021-27878 — Veritas Backup Exec Agent Command Execution Vulnerability

2023-04-07 • CISA Known Exploited Vulnerability

[event] Veritas Backup Exec (BE) Agent contains a command execution vulnerability that could allow an attacker to use a data management protocol command to execute a command on the BE Agent machine.

> AFFECTED SOFTWARE

Field	Value
Vendor	Veritas
Product	Backup Exec Agent
CWE	CWE-287
CVE ID	CVE-2021-27878
Date Added	2023-04-07
Due Date	2023-04-28
Ransomware Campaign	Known — this vulnerability has been leveraged in ransomware campaigns

> MITIGATION

Apply updates per vendor instructions.

Due Date: 2023-04-28

> REFERENCES

[1] https://www.veritas.com/support/en_US/security/VTS21-001
[2] https://nvd.nist.gov/vuln/detail/CVE-2021-27878