How should we interpret CVSS severity scores?

CVSS estimates technical severity, but it does not automatically equal business risk. Prioritize using context like internet exposure, asset criticality, known exploitation, and whether compensating controls exist. A Medium CVSS on an exposed production system can be more urgent than a Critical on an isolated non-production host.

Vulnerability Database

Q: What is a Vulnerability (CVE) and why does it matter?

A security vulnerability is a weakness in software, hardware, or configuration that can be exploited to compromise confidentiality, integrity, or availability. Many vulnerabilities are tracked as CVEs (Common Vulnerabilities and Exposures), which provide a standardized identifier so teams can coordinate patching, mitigation, and risk assessment across tools and vendors.

Q: What's the difference between a vulnerability, an exploit, and a zero-day?

A vulnerability is the underlying weakness. An exploit is the method or code used to take advantage of it. A zero-day is a vulnerability that is unknown to the vendor or has no publicly available fix when attackers begin using it. Risk increases sharply when exploitation becomes reliable or widespread.

Q: Why do vulnerabilities keep reappearing in our environment?

Recurring findings usually come from incomplete asset discovery, inconsistent patch management, inherited images, and configuration drift. In modern environments, you also need to watch the software supply chain: dependencies, containers, build pipelines, and third-party services can reintroduce the same weakness even after you patch a single host.

Q: How do we prioritize remediation without burning out the team?

Use a repeatable triage model: focus first on externally exposed assets, high-value systems (identity, VPN, email, production), vulnerabilities with known exploits, and issues that enable remote code execution or privilege escalation. Then enforce patch SLAs and track progress so remediation is steady, not reactive.

Q: How can SynScan help reduce vulnerability risk over time?

SynScan combines attack surface monitoring and continuous security auditing to keep your inventory current, flag high-impact vulnerabilities early, and help you turn raw findings into a practical remediation plan.

346,508

Total vulnerabilities in the database

CVE-2005-2611 — symantec_veritas / backup_exec_remote_agent

VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec for NetWare Servers 9.0 and 9.1, and NetBackup for NetWare Media Server Option 4.5 through 5.1 uses a static password during authentication from the NDMP agent to the server, which allows remote attackers to read and write arbitrary files with the backup server.

Published: Aug 17, 2005
Updated: Nov 9, 2025
CVE: CVE-2005-2611
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
symantec_veritas / backup_exec_remote_agent	netware_server	netware_server.x
symantec_veritas / netbackup	netware_media_servers_4.5_mp3	netware_media_servers_4.5_mp3.x
symantec_veritas / netbackup	netware_media_servers_4.5_mp7	netware_media_servers_4.5_mp7.x
symantec_veritas / backup_exec	netware_servers_9.0.4019	netware_servers_9.0.4019.x
symantec_veritas / backup_exec	windows_servers_9.1_rev._4691	windows_servers_9.1_rev._4691.x
symantec_veritas / netbackup	netware_media_servers_4.5_mp4	netware_media_servers_4.5_mp4.x
symantec_veritas / netbackup	netware_media_servers_4.5_fp1	netware_media_servers_4.5_fp1.x
symantec_veritas / netbackup	netware_media_servers_4.5_mp8	netware_media_servers_4.5_mp8.x
symantec_veritas / backup_exec_remote_agent	windows_server	windows_server.x
symantec_veritas / netbackup	netware_media_servers_4.5_fp8	netware_media_servers_4.5_fp8.x
symantec_veritas / backup_exec	windows_servers_9.1	windows_servers_9.1.x
symantec_veritas / netbackup	netware_media_servers_5.1_mp2	netware_media_servers_5.1_mp2.x
symantec_veritas / backup_exec	windows_servers_9.0_rev._4367_sp1	windows_servers_9.0_rev._4367_sp1.x
symantec_veritas / backup_exec	netware_servers_9.0.4174	netware_servers_9.0.4174.x
symantec_veritas / backup_exec	windows_servers_9.0_rev._4454	windows_servers_9.0_rev._4454.x
symantec_veritas / netbackup	netware_media_servers_4.5_fp6	netware_media_servers_4.5_fp6.x
symantec_veritas / netbackup	netware_media_servers_4.5_mp5	netware_media_servers_4.5_mp5.x
symantec_veritas / netbackup	netware_media_servers_4.5_fp4	netware_media_servers_4.5_fp4.x
symantec_veritas / backup_exec	netware_servers_9.1.1152	netware_servers_9.1.1152.x
symantec_veritas / netbackup	netware_media_servers_4.5	netware_media_servers_4.5.x
symantec_veritas / backup_exec	netware_servers_9.1.1156	netware_servers_9.1.1156.x
symantec_veritas / netbackup	netware_media_servers_5.0_mp4	netware_media_servers_5.0_mp4.x
symantec_veritas / netbackup	netware_media_servers_5.0_mp1	netware_media_servers_5.0_mp1.x
symantec_veritas / backup_exec	windows_servers_10.0_rev._5484_sp1	windows_servers_10.0_rev._5484_sp1.x
symantec_veritas / backup_exec	windows_servers_9.0	windows_servers_9.0.x
symantec_veritas / netbackup	netware_media_servers_5.1_mp1	netware_media_servers_5.1_mp1.x
symantec_veritas / netbackup	netware_media_servers_4.5_fp3	netware_media_servers_4.5_fp3.x
symantec_veritas / netbackup	netware_media_servers_5.0	netware_media_servers_5.0.x
symantec_veritas / backup_exec_remote_agent	unix_linux_server	unix_linux_server.x
symantec_veritas / backup_exec	windows_servers_8.6	windows_servers_8.6.x
symantec_veritas / backup_exec	netware_servers_9.1.1151_.1	netware_servers_9.1.1151_.1.x
symantec_veritas / backup_exec	netware_servers_9.1.307	netware_servers_9.1.307.x
symantec_veritas / backup_exec	netware_servers_9.0.4202	netware_servers_9.0.4202.x
symantec_veritas / netbackup	netware_media_servers_4.5_fp7	netware_media_servers_4.5_fp7.x
symantec_veritas / backup_exec	netware_servers_9.1.1067_.3	netware_servers_9.1.1067_.3.x
symantec_veritas / backup_exec	netware_servers_9.0.4172	netware_servers_9.0.4172.x
symantec_veritas / netbackup	netware_media_servers_5.1_mp3	netware_media_servers_5.1_mp3.x
symantec_veritas / backup_exec	netware_servers_9.1.1127_.1	netware_servers_9.1.1127_.1.x
symantec_veritas / netbackup	netware_media_servers_4.5_fp2	netware_media_servers_4.5_fp2.x
symantec_veritas / backup_exec	netware_servers_9.1.306	netware_servers_9.1.306.x
symantec_veritas / netbackup	netware_media_servers_4.5_mp2	netware_media_servers_4.5_mp2.x
symantec_veritas / netbackup	netware_media_servers_5.0_mp5	netware_media_servers_5.0_mp5.x
symantec_veritas / netbackup	netware_media_servers_5.0_mp2	netware_media_servers_5.0_mp2.x
symantec_veritas / netbackup	netware_media_servers_4.5_fp5	netware_media_servers_4.5_fp5.x
symantec_veritas / netbackup	netware_media_servers_4.5_mp6	netware_media_servers_4.5_mp6.x
symantec_veritas / backup_exec	windows_servers_9.1_rev._4691_sp2	windows_servers_9.1_rev._4691_sp2.x
symantec_veritas / backup_exec	windows_servers_9.0_rev._4367	windows_servers_9.0_rev._4367.x
symantec_veritas / netbackup	netware_media_servers_5.1	netware_media_servers_5.1.x
symantec_veritas / netbackup	netware_media_servers_4.5_mp1	netware_media_servers_4.5_mp1.x
symantec_veritas / backup_exec	windows_servers_10.0_rev._5484	windows_servers_10.0_rev._5484.x
symantec_veritas / backup_exec	netware_servers_9.0.4170	netware_servers_9.0.4170.x
symantec_veritas / netbackup	netware_media_servers_5.0_mp3	netware_media_servers_5.0_mp3.x
symantec_veritas / backup_exec	netware_servers_9.1.1154	netware_servers_9.1.1154.x
symantec_veritas / backup_exec	windows_servers_9.0_rev._4454_sp1	windows_servers_9.0_rev._4454_sp1.x
symantec_veritas / backup_exec	netware_servers_9.1.1067_.2	netware_servers_9.1.1067_.2.x
symantec_veritas / backup_exec	windows_servers_10.0_rev._5520	windows_servers_10.0_rev._5520.x
symantec_veritas / backup_exec	netware_servers_9.1.1152_.4	netware_servers_9.1.1152_.4.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo

Frequently Asked Questions

What is a Vulnerability (CVE) and why does it matter?

A security vulnerability is a weakness in software, hardware, or configuration that can be exploited to compromise confidentiality, integrity, or availability. Many vulnerabilities are tracked as CVEs (Common Vulnerabilities and Exposures), which provide a standardized identifier so teams can coordinate patching, mitigation, and risk assessment across tools and vendors.

CVSS (Common Vulnerability Scoring System) estimates technical severity, but it doesn't automatically equal business risk. Prioritize using context like internet exposure, affected asset criticality, known exploitation (proof-of-concept or in-the-wild), and whether compensating controls exist. A "Medium" CVSS on an exposed, production system can be more urgent than a "Critical" on an isolated, non-production host.

A vulnerability is the underlying weakness. An exploit is the method or code used to take advantage of it. A zero-day is a vulnerability that is unknown to the vendor or has no publicly available fix when attackers begin using it. In practice, risk increases sharply when exploitation becomes reliable or widespread.

Recurring findings usually come from incomplete Asset Discovery, inconsistent patch management, inherited images, and configuration drift. In modern environments, you also need to watch the software supply chain: dependencies, containers, build pipelines, and third-party services can reintroduce the same weakness even after you patch a single host. Unknown or unmanaged assets (often called Shadow IT) are a common reason the same issues resurface.

Use a simple, repeatable triage model: focus first on externally exposed assets, high-value systems (identity, VPN, email, production), vulnerabilities with known exploits, and issues that enable remote code execution or privilege escalation. Then enforce patch SLAs and track progress using consistent metrics so remediation is steady, not reactive.

SynScan combines attack surface monitoring and continuous security auditing to keep your inventory current, flag high-impact vulnerabilities early, and help you turn raw findings into a practical remediation plan.