CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:H/Au:S/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
49.5%
Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not validate identity information sent between the media server and the remote agent, which allows man-in-the-middle attackers to execute NDMP commands via unspecified vectors.
Vendor | Product | Version | CPE |
---|---|---|---|
symantec | backup_exec | 11.0 | cpe:2.3:a:symantec:backup_exec:11.0:*:*:*:*:*:*:* |
symantec | backup_exec | 12.0 | cpe:2.3:a:symantec:backup_exec:12.0:*:*:*:*:*:*:* |
symantec | backup_exec | 12.5 | cpe:2.3:a:symantec:backup_exec:12.5:*:*:*:*:*:*:* |
symantec | backup_exec | 13.0 | cpe:2.3:a:symantec:backup_exec:13.0:*:*:*:*:*:*:* |
symantec | backup_exec | 13.0 | cpe:2.3:a:symantec:backup_exec:13.0:r2:*:*:*:*:*:* |