Summary
This host has Symantec Backup Exec products installed and is prone to an arbitrary command execution vulnerability.
Impact
Successful exploitation will allow remote attackers to cause privilege escalation by executing post-authentication NDMP commands.
Impact Level: Application.
Solution
Upgrade to Symantec Backup Exec 2010 R3.
For updates refer to http://www.symantec.com/business/products/family.jsp?familyid=backupexec
Insight
The flaw is due to a weakness in the communication protocol implementation and a lack of validation of the identity information exchanged between the media server and the remote agent.
Affected
Symantec Backup Exec for Windows Servers versions 11.0, 12.0, 12.5
Symantec Backup Exec 2010 versions 13.0, 13.0 R2
Severity
Classification
CVE: CVE-2011-0546
CVSS Base Score: 6.5
AV:A/AC:H/Au:S/C:C/I:C/A:C