Veritas.Backup.Exec.Arbitrary.File.Download
Description
This vulnerability affects the VERITAS Backup Exec Remote Agent. An encrypted but static password transferred during the authentication process can be used to gain remote access. An attacker with knowledge of this password and access to the Remote Agent may be able to retrieve arbitrary files from a vulnerable system.
Affected Products
Veritas Software Backup Exec for Windows and Netware Servers 10.0 rev. 5520 and earlier versions. Veritas Software Backup Exec Remote Agent for Windows Server, for Unix/Linux Server and for NetWare Server. NetBackup for NetWare Media Servers 5.1 MP3 and earlier versions.
Impact
File access.
Recommended Actions
Apply appropriate patch from the vendor:
VERITAS Backup Exec for Windows Servers
http://support.veritas.com/docs/278434
VERITAS Backup Exec for NetWare Servers
http://support.veritas.com/docs/278431
VERITAS NetBackup for NetWare Media Server Option
http://support.veritas.com/docs/278430
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |