CVE-2017-8895

In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this vulnerability to crash the agent or potentially take control of the agent process and then the system it is running on.
References
Link Resource
http://www.securityfocus.com/bid/98386 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038561 Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/42282/ Third Party Advisory VDB Entry
https://www.veritas.com/content/support/en_US/security/VTS17-006.html#Issue1 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:veritas:backup_exec:*:*:*:*:*:*:*:*
cpe:2.3:a:veritas:backup_exec:*:*:*:*:*:*:*:*
cpe:2.3:a:veritas:backup_exec:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-05-10 21:29

Updated : 2024-02-28 15:44


NVD link : CVE-2017-8895

Mitre link : CVE-2017-8895

CVE.ORG link : CVE-2017-8895


JSON object : View

Products Affected

veritas

  • backup_exec
CWE
CWE-416

Use After Free