In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this vulnerability to crash the agent or potentially take control of the agent process and then the system it is running on.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/98386 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1038561 | Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/42282/ | Third Party Advisory VDB Entry |
https://www.veritas.com/content/support/en_US/security/VTS17-006.html#Issue1 | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-05-10T21:00:00
Updated: 2020-09-24T22:19:00
Reserved: 2017-05-10T00:00:00
Link: CVE-2017-8895
JSON object: View
NVD Information
Status : Modified
Published: 2017-05-10T21:29:00.177
Modified: 2021-08-12T16:22:55.020
Link: CVE-2017-8895
JSON object: View
Redhat Information
No data.
CWE