FYSA: Veritas Backup Exec prior to 21.2. - A known exploit is available in the wild

This is a vulnerability reported and patched in 2021, however organized ransomware groups have recently been seen exploiting vulnerabilities found in unpatched, internet-exposed assets running the Veritas Backup Exec Agent to gain initial access and achieve escalation of privileges on vulnerable endpoints.

Veritas urges all customers to immediately update to Backup Exec version 21.2 or later if they have not already done so.

• March 2023: A known exploit is available in the wild for the vulnerabilities and could be used as part of a ransomware attack.

Summary

Backup Exec versions 16.x, 20.x and 21.1 are affected.

Veritas Backup Exec version 21.2 includes fixes for three security issues.

• Veritas Backup Exec Agent File Access Vulnerability CVSSv3 8.1 - https://nvd.nist.gov/vuln/detail/CVE-2021-27876
• Veritas Backup Exec Agent Improper Authentication Vulnerability CVSSv3 8.2 - https://nvd.nist.gov/vuln/detail/CVE-2021-27877
• Veritas Backup Exec Agent Command Execution Vulnerability CVSSv3 8.8 - https://nvd.nist.gov/vuln/detail/CVE-2021-27878

If you have updated to version 21.2 or later, no additional action is needed to address these vulnerabilities at this time.

Additional Information:

• https://www.veritas.com/support/en_US/security/VTS21-001
• https://www.bleepingcomputer.com/news/security/alphv-ransomware-exploits-veritas-backup-exec-bugs-for-initial-access/