Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-0546

CWE-20Improper Input Validation4 documents4 sources
Severity
6.5MEDIUM
EPSS
0.5%
top 34.95%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Symantec Backup Exec
Timeline
PublishedMay 31
Latest updateMay 17

Description

Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not validate identity information sent between the media server and the remote agent, which allows man-in-the-middle attackers to execute NDMP commands via unspecified vectors.

CVSS vector

AV:A/AC:H/C:C/I:C/A:CExploitability: 2.5 | Impact: 10.0

Affected Packages1 packages

NVDsymantec/backup_exec4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-m2cg-qqj5-jw62: Symantec Backup Exec 112022-05-17
CVEList
CVE-2011-0546: Symantec Backup Exec 112011-05-31

💥Exploits & PoCs

1
Exploit-DB
Symantec Backup Exec 12.5 - Man In The Middle2011-07-09
CVE-2011-0546 (MEDIUM CVSS 6.5) | Symantec Backup Exec 11.0 | cvebase.io