CVE-2017-8895

In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this vulnerability to crash the agent or potentially take control of the agent process and then the system it is running on.

Published: May 10, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-8895
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
veritas / backup_exec	-	16.0.1142.1327
veritas / backup_exec	-	14.1.1786.1126
veritas / backup_exec	-	14.2.1180.3160

http://www.securityfocus.com/bid/98386
http://www.securitytracker.com/id/1038561
https://www.exploit-db.com/exploits/42282/
https://www.veritas.com/content/support/en_US/security/VTS17-006.html#Issue1

Vulnerability Database

289,697

CVE-2017-8895