Vulnerability Details CVE-2017-8895
In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this vulnerability to crash the agent or potentially take control of the agent process and then the system it is running on.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.671
EPSS Ranking 98.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- http://www.securityfocus.com/bid/98386
- http://www.securitytracker.com/id/1038561
- https://www.exploit-db.com/exploits/42282/
- https://www.veritas.com/content/support/en_US/security/VTS17-006.html#Issue1
- http://www.securityfocus.com/bid/98386
- http://www.securitytracker.com/id/1038561
- https://www.exploit-db.com/exploits/42282/
- https://www.veritas.com/content/support/en_US/security/VTS17-006.html#Issue1
Products affected by CVE-2017-8895
-
cpe:2.3:a:veritas:backup_exec:10.0
-
cpe:2.3:a:veritas:backup_exec:14.1.1786.1126
-
cpe:2.3:a:veritas:backup_exec:14.2.1180.3160
-
cpe:2.3:a:veritas:backup_exec:15.1180
-
cpe:2.3:a:veritas:backup_exec:9.0
-
cpe:2.3:a:veritas:backup_exec:9.0.4019
-
cpe:2.3:a:veritas:backup_exec:9.1.307