Symantec Backup Exec Products Arbitrary Command Execution Vulnerability Network Vulnerability

Summary

This host is installed with Symantec Backup Exec Products and is prone to arbitrary command execution vulnerability.

Impact

Successful exploitation will allow remote attackers to cause privilege escalation by executing post authentication NDMP commands. Impact Level: Application.

Solution

Upgrade to the Symantec Backup Exec 2010 R3 For updates refer to http://www.symantec.com/business/products/family.jsp?familyid=backupexec

Insight

The flaw is due to weakness in communication protocol implementation and lack of validation of identity information exchanged between media server and remote agent.

Affected

Symantec Backup Exec for Windows Servers versions 11.0, 12.0, 12.5 Symantec Backup Exec 2010 versions 13.0, 13.0 R2

References

http://secunia.com/advisories/44698
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0546
CVSS Base Score: 6.5
AV:A/AC:H/Au:S/C:C/I:C/A:C

Related Vulnerabilities

Adobe Reader Old Plugin Signature Bypass Vulnerability (Windows)
CA Gateway Security Remote Code Execution Vulnerability
Apple Safari 'javascript: URI' XSS Vulnerability - Sep09
Apple Safari Secure Cookie Security Bypass Vulnerability (Mac OS X)
Apache Tomcat Default Accounts

Symantec Backup Exec Products Arbitrary Command Execution vulnerability

Take action and discover your vulnerabilities