cbcvebase.
CVE-2005-0771
published 2005-06-23

CVE-2005-0771: VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows allows remote unauthenticated attackers to modify the registry by calling methods to the…

PriorityP261critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
54.16%
98.9th percentile
VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows allows remote unauthenticated attackers to modify the registry by calling methods to the RPC interface on TCP port 6106.

Affected

4 ranges
VendorProductVersion rangeFixed in
symantec_veritasbackup_exec
symantec_veritasbackup_exec
symantec_veritasbackup_exec
symantec_veritasbackup_exec

Detection & IOCsextracted from sources · hover to see the quote

portTCP/6106
processbeserver.exe
  • Monitor for unauthenticated inbound RPC connections to TCP port 6106 targeting beserver.exe (VERITAS Backup Exec Server), which may indicate exploitation attempts to remotely modify the Windows registry.
  • A Metasploit auxiliary module exists for this vulnerability (auxiliary/admin/backupexec/registry); presence of this module's traffic patterns or registry manipulation via the BackupExec RPC service should be treated as a high-confidence exploitation indicator.
  • ·Affected versions are VERITAS Backup Exec Server 9.0 through 10.0 for Windows only; scope detection rules accordingly.
  • ·The exploit is based on NDR stub information for the RPC interface; detection logic should account for the specific RPC method calls rather than generic port traffic.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.