Symantec Backup Exec Server Unauthorized Access (SYM11-006)

This script is Copyright (C) 2011-2012 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a backup server installed that is
affected by an unauthorized access vulnerability.

Description :

According to its version number, the Symantec Backup Exec Server
installed on the remote Windows host is affected by an unauthorized
access vulnerability.

By performing a man-in-the-middle attack, a remote, unauthenticated
attacker could execute arbitrary code on the host subject to the
privileges of the user running the affected application.

See also :

http://www.ivizsecurity.com/security-advisory-iviz-sr-11001.html
http://www.nessus.org/u?a0cdc33b

Solution :

Upgrade to Symantec Backup Exec 2010 13.0 R3 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:A/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 55116 ()

Bugtraq ID: 47824

CVE ID: CVE-2011-0546

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now