7.3 High
AI Score
Confidence
Low
6.5 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:H/Au:S/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
48.4%
Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not validate identity information sent between the media server and the remote agent, which allows man-in-the-middle attackers to execute NDMP commands via unspecified vectors.
CPE | Name | Operator | Version |
---|---|---|---|
backup_exec | eq | 11.0 | |
backup_exec | eq | 13.0 r2 | |
backup_exec | eq | 13.0 | |
backup_exec | eq | 12.0 | |
backup_exec | eq | 12.5 |