Summary
This host has Symantec Backup Exec products installed and is prone to an arbitrary command execution vulnerability.
Impact
Successful exploitation allows remote attackers to escalate privileges by executing post-authentication NDMP commands.
Impact Level: Application.
Solution
Upgrade to Symantec Backup Exec 2010 R3.
For updates, refer to http://www.symantec.com/business/products/family.jsp?familyid=backupexec
Insight
The flaw is due to a weakness in the communication protocol implementation and a lack of validation of the identity information exchanged between the media server and the remote agent.
Affected
- Symantec Backup Exec for Windows Servers versions 11.0, 12.0, 12.5
- Symantec Backup Exec 2010 versions 13.0, 13.0 R2
Severity
Classification
- CVE: CVE-2011-0546
- CVSS Base Score: 6.5
- CVSS Vector: AV:A/AC:H/Au:S/C:C/I:C/A:C