Symantec Backup Exec for Windows Multiple Vulnerabilities

Critical Nessus Plugin ID 34820


It is possible to bypass authentication in the remote backup agent.


The remote host is running a version of VERITAS Backup Exec Agent that is affected by multiple authentication bypass issues.

An attacker can exploit these issues to manage the backup agent or to execute commands with high privileges.


Apply the appropriate hotfix referenced in the vendor advisory.

See Also

Plugin Details

Severity: Critical

ID: 34820

File Name: veritas_agent_bypass.nbin

Version: $Revision: 1.30 $

Type: remote

Agent: windows

Family: Windows

Published: 2008/11/20

Modified: 2018/01/29

Dependencies: 11936, 20175

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2008/11/19

Vulnerability Publication Date: 2008/11/19

Reference Information

CVE: CVE-2008-5407, CVE-2008-5408

BID: 32346, 32347

OSVDB: 49980, 49981

CWE: 119