Symantec Backup Exec MiTM Attack

vendor:

Backup Exec

by:

Nibin

5.5

CVSS

MEDIUM

Man-in-the-Middle (MiTM) Attack

300

CWE

Product Name: Backup Exec

Affected Version From: Symantec Backup Exec for Windows Servers versions 11.0, 12.0, and 12.5

Affected Version To: Symantec Backup Exec 2010 versions 13.0 and 13.0 R2

Patch Exists: YES

Related CWE: CVE-2011-0546

CPE: a:symantec:backup_exec

Metasploit:

Other Scripts:

Platforms Tested: Windows

2011

Symantec Backup Exec MiTM Attack

The Symantec Backup Exec software is vulnerable to a MiTM attack. An attacker can intercept and modify the communication between the Backup Exec server and the client, potentially gaining unauthorized access to sensitive information.

Mitigation:

Symantec released a security advisory providing recommendations to mitigate the vulnerability. It is recommended to follow the steps mentioned in the advisory to protect the Backup Exec environment.

Source

Exploit-DB raw data:

Exploit Title: Symantec Backup Exec MiTM Attack
Date: 27/05/2011
Author: Nibin
Software Link: http://www.symantec.com/business/products/family.jsp?familyid=backupexec
Version:
 - Symantec Backup Exec for Windows Servers versions 11.0, 12.0, and 12.5
 - Symantec Backup Exec 2010 versions 13.0 and 13.0 R2
Tested on: Tested on Symantec Backup Exec 12.5 for Windows Servers
CVE : CVE-2011-0546
BID: 47824

Symantec Disclosure link:
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110526_00
iViZ Disclosure link: goo.gl/1vzdE

Exploit Code: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/17517.zip (SymantecReplay.zip)