CISA Known Exploited Vulnerability

CVE-2021-27877 Ransomware

Veritas · Backup Exec Agent

Veritas Backup Exec Agent Improper Authentication Vulnerability

Date added 2023-04-07

BOD 22-01 due date 2023-04-28

CWE CWE-287

Ransomware Known

CISA description

Veritas Backup Exec (BE) Agent contains an improper authentication vulnerability that could allow an attacker unauthorized access to the BE Agent via SHA authentication scheme.

Required action

Apply updates per vendor instructions.

Notes & references

https://www.veritas.com/support/en_US/security/VTS21-001
https://nvd.nist.gov/vuln/detail/CVE-2021-27877

Where this lands in 800-53

Vulnerability data triggers these controls during assessment and continuous monitoring.

RA-5 · Vulnerability Monitoring and Scanning
SI-2 · Flaw Remediation
CM-6 · Configuration Settings
SI-7 · Software, Firmware, and Information Integrity
CM-8 · System Component Inventory

External lookups

NVD · CVE-2021-27877
CVE.org · CVE-2021-27877
CISA KEV catalog (canonical)