CVE-2017-8895

Sažetak

In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this vulnerability to crash the agent or potentially take control of the agent process and then the system it is running on.

Reference

https://www.veritas.com/content/support/en_US/security/VTS17-006.html#Issue1
http://www.securityfocus.com/bid/98386
http://www.securitytracker.com/id/1038561
https://www.exploit-db.com/exploits/42282/

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

12-08-2021 - 16:22

Objavljeno

10-05-2017 - 21:29