QID 378370
Date Published: 2023-05-02
QID 378370: Veritas Backup Exec Multiple Security Vulnerabilities (VTS21-001)
Veritas Backup Exec is a data protection software product designed for customers who have mixed physical and virtual environments.
VTS21-001 covers multiple vulnerabilities in the Backup Exec (BE) Agent that can lead to denial of service or remote code execution. An unauthenticated attacker who can reach the agent's data management protocol interface can crash the agent or potentially take control of the agent process, and through it the system it is running on.
Affected Versions
Backup Exec 16.x
Backup Exec 20.x
Backup Exec 21.1
QID Detection Logic (Authenticated)
This check looks for a vulnerable version of the vxmon.exe file.
NOTE: This QID is marked as Practice because the check cannot read the registry keys (using an administrator account) to confirm whether the DBAID workaround below has been applied, so a host protected only by that workaround may still be reported.
On successful exploitation, an attacker can gain unauthorized access to the BE Agent via the SHA authentication scheme, can specially craft the input parameters of a data management protocol command to access an arbitrary file on the BE Agent machine, and can use a data management protocol command to execute an arbitrary command on the BE Agent machine.
If the recommended remediation listed above is not applied, use an administrator account to check the registry key "Software\Veritas\Backup Exec For Windows\Backup Exec\Engine\Agents\XBSA\Machine" (under HKEY_LOCAL_MACHINE) for a value named DBAID. If the key exists and DBAID is set to a non-zero value, no further action is required. If the key or the value does not exist, create the key, add a value named DBAID of type string (REG_SZ), and set it to a random hexadecimal string of the form . This prevents an attacker from using the SHA authentication scheme; the file access and command execution issues described above remain reachable by anyone who can still authenticate to the agent, so treat the registry change as a stopgap until the update is applied.
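The following PowerShell script is an added example (not Qualys or Veritas code) that audits the DBAID workaround on a Backup Exec host and, with -Apply, creates the key and value as described above. It assumes the key lives under HKLM (the page gives only the relative path) and that a 32-character lowercase hex string is an acceptable DBAID value, since the page does not reproduce the exact form; both are assumptions to verify against the vendor advisory.

```powershell
#Requires -RunAsAdministrator
# Added example: audit/apply the DBAID workaround for VTS21-001.
# Assumption: key is under HKLM; the page only gives the relative path.
param(
    [switch]$Apply   # without -Apply the script only reports the current state
)

$KeyPath   = 'HKLM:\SOFTWARE\Veritas\Backup Exec For Windows\Backup Exec\Engine\Agents\XBSA\Machine'
$ValueName = 'DBAID'

# Returns one of: KeyMissing, ValueMissing, Zero, Set
function Get-DbaidState {
    if (-not (Test-Path -LiteralPath $KeyPath)) { return 'KeyMissing' }
    $item = Get-ItemProperty -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if ($null -eq $item -or $null -eq $item.$ValueName) { return 'ValueMissing' }
    $v = ([string]$item.$ValueName).Trim()
    # An empty or all-zero value does not disable the SHA scheme; treat it as unset.
    if ($v -match '^0*$') { return 'Zero' }
    return 'Set'
}

# Cryptographically random hex string; length is an assumption (16 bytes = 32 hex chars).
function New-RandomHex([int]$Bytes = 16) {
    $buf = New-Object byte[] $Bytes
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($buf)
    return (($buf | ForEach-Object { $_.ToString('x2') }) -join '')
}

$state = Get-DbaidState
Write-Host "DBAID state: $state"

if ($state -eq 'Set') {
    Write-Host 'DBAID is non-zero; SHA authentication scheme already disabled. No action required.'
    return
}

if (-not $Apply) {
    Write-Host 'Workaround not in place. Re-run with -Apply to create the key/value.'
    return
}

if (-not (Test-Path -LiteralPath $KeyPath)) {
    New-Item -Path $KeyPath -Force | Out-Null
}
$hex = New-RandomHex
# -PropertyType String creates a REG_SZ value, as the workaround requires.
New-ItemProperty -LiteralPath $KeyPath -Name $ValueName -PropertyType String -Value $hex -Force | Out-Null
Write-Host "Created $ValueName (REG_SZ) = $hex under $KeyPath"
Write-Host "Post-check state: $(Get-DbaidState)"
```

Run it once without -Apply from an elevated prompt to see the state the QID cannot observe, then with -Apply to set the value. Keep the generated DBAID in change records: it is the value that distinguishes a mitigated host from an unmitigated one when the scanner still flags the vxmon.exe version.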
CVEs related to QID 378370
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| VTS21-001 | Veritas Backup Exec | | |