CVE-2008-5407

CWE-287Improper Authentication3 documents3 sources
Severity
9.4CRITICAL
EPSS
1.4%
top 19.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Symantec Backup Exec FOR Windows Server
Timeline
PublishedDec 10
Latest updateMay 17

Description

Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via unknown vectors.

CVSS vector

AV:N/AC:L/C:C/I:N/A:CExploitability: 10.0 | Impact: 9.2

Affected Packages1 packages

NVDsymantec/backup_exec11d, 12.0, 12.5+2

Patches

Patch: secunia.comPatch: securityresponse.symantec.comPatch: seer.entsupport.symantec.com

🔴Vulnerability Details

2
GHSA
GHSA-gv6g-6q5c-xwrm: Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 112022-05-17
CVEList
CVE-2008-5407: Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 112008-12-09
CVE-2008-5407 (CRITICAL CVSS 9.4) | Multiple unspecified vulnerabilitie | cvebase.io