CVE-2011-0546

Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not validate identity information sent between the media server and the remote agent, which allows man-in-the-middle attackers to execute NDMP commands via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 UNKNOWN
ADJACENT_NETWORK
HIGH
AV:A/AC:H/Au:S/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
symantecbackup_exec
11.0
symantecbackup_exec
12.0
symantecbackup_exec
12.5
symantecbackup_exec
13.0
symantecbackup_exec
13.0:r2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://marc.info/?l=bugtraq&m=131489365508507&w=2
http://marc.info/?l=bugtraq&m=131489365508507&w=2
http://secunia.com/advisories/44698
http://securityreason.com/securityalert/8300
http://www.securityfocus.com/bid/47824
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110526_00
http://marc.info/?l=bugtraq&m=131489365508507&w=2
http://marc.info/?l=bugtraq&m=131489365508507&w=2
http://secunia.com/advisories/44698
http://securityreason.com/securityalert/8300
http://www.securityfocus.com/bid/47824
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110526_00