Описание
Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not validate identity information sent between the media server and the remote agent, which allows man-in-the-middle attackers to execute NDMP commands via unspecified vectors.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:symantec:backup_exec:11.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:backup_exec:12.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:backup_exec:12.5:*:*:*:*:*:*:*
cpe:2.3:a:symantec:backup_exec:13.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:backup_exec:13.0:r2:*:*:*:*:*:*
EPSS
Процентиль: 70%
0.0062
Низкий
6.5 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
github
больше 3 лет назад
Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not validate identity information sent between the media server and the remote agent, which allows man-in-the-middle attackers to execute NDMP commands via unspecified vectors.
EPSS
Процентиль: 70%
0.0062
Низкий
6.5 Medium
CVSS2
Дефекты
CWE-20