Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2017-8895 | First vendor Publication | 2017-05-10 |
Vendor | Cve | Last vendor Modification | 2021-08-12 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | |||
---|---|---|---|
Overall CVSS Score | 9.8 | ||
Base Score | 9.8 | Environmental Score | 9.8 |
impact SubScore | 5.9 | Temporal Score | 9.8 |
Exploitabality Sub Score | 3.9 | ||
Attack Vector | Network | Attack Complexity | Low |
Privileges Required | None | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | High |
Integrity Impact | High | Availability Impact | High |
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this vulnerability to crash the agent or potentially take control of the agent process and then the system it is running on. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8895 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-416 | Use After Free |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
Snort® IPS/IDS
Date | Description |
---|---|
2017-11-30 | Veritas Backup Exec Agent use after free attempt RuleID : 44701 - Revision : 2 - Type : SERVER-OTHER |
2017-11-30 | Veritas Backup Exec Agent use after free attempt RuleID : 44700 - Revision : 2 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-07-07 | Name : A remote data protection agent installed on the remote host is affected by a ... File : veritas_backup_exec_remote_agent_VTS17-006.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-08-12 21:23:34 |
|
2021-05-04 13:06:21 |
|
2021-04-22 02:20:01 |
|
2020-09-25 05:22:43 |
|
2020-05-23 13:17:10 |
|
2020-05-23 01:04:34 |
|
2018-09-17 17:19:34 |
|
2017-08-12 09:23:20 |
|
2017-07-08 13:24:44 |
|
2017-07-08 09:24:10 |
|
2017-05-25 09:22:31 |
|
2017-05-21 09:23:00 |
|
2017-05-11 05:22:24 |
|