Vulnerability Details : CVE-2017-8895
Public exploit exists!
In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this vulnerability to crash the agent or potentially take control of the agent process and then the system it is running on.
Vulnerability category: Memory CorruptionExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2017-8895
Probability of exploitation activity in the next 30 days: 30.79%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 96 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2017-8895
-
Veritas/Symantec Backup Exec SSL NDMP Connection Use-After-Free
Disclosure Date: 2017-05-10First seen: 2020-04-26exploit/windows/backupexec/ssl_uafThis module exploits a use-after-free vulnerability in the handling of SSL NDMP connections in Veritas/Symantec Backup Exec's Remote Agent for Windows. When SSL is re-established on a NDMP connection that previously has had SSL established, the BIO struct for the con
CVSS scores for CVE-2017-8895
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2017-8895
-
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-8895
-
http://www.securitytracker.com/id/1038561
Veritas BackupExec Use-After-Free Memory Error Lets Remote Users Execute Arbitrary Code on the Target System - SecurityTrackerThird Party Advisory;VDB Entry
-
https://www.exploit-db.com/exploits/42282/
Veritas/Symantec Backup Exec - SSL NDMP Connection Use-After-Free (Metasploit)Third Party Advisory;VDB Entry
-
https://www.veritas.com/content/support/en_US/security/VTS17-006.html#Issue1
VTS17-006: Use-After-Free Vulnerability in Multiple Veritas Backup Exec Agents | Veritas™Patch;Vendor Advisory
-
http://www.securityfocus.com/bid/98386
Veritas Backup Exec Use After Free Remote Code Execution VulnerabilityThird Party Advisory;VDB Entry
Products affected by CVE-2017-8895
- cpe:2.3:a:veritas:backup_exec:*:*:*:*:*:*:*:*
- cpe:2.3:a:veritas:backup_exec:*:*:*:*:*:*:*:*
- cpe:2.3:a:veritas:backup_exec:*:*:*:*:*:*:*:*