CVE-2017-8895 Information
Feb 14, 2021
cve
Description
In Veritas Backup Exec 2014 before build 14.1.1187.1126 15 before build 14.2.1180.3160 and 16 before FP1 there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this vulnerability to crash the agent or potentially take control of the agent process and then the system it is running on.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
http://www.securityfocus.com/bid/98386 http://www.securitytracker.com/id/1038561 https://www.exploit-db.com/exploits/42282/ https://www.veritas.com/content/support/en_US/security/VTS17-006.htmlIssue1
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: