CVE-2013-4678
low
CVSS v3
—
CVSS v2
2.7
VIR risk
2.7
Description
The NDMP protocol implementation in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allows remote authenticated users to obtain sensitive host-version information via unspecified vectors.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secure@symantec.com — http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| symantec | backup_exec | 2010 | |
| symantec | backup_exec | 2010_r3 | |
| symantec | backup_exec | 2012 | |
References
- http://www.securityfocus.com/bid/61488
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00
- http://www.securityfocus.com/bid/61488
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00
CWEs
CWE-200
Verify integrity in audit chain (admin only). AS-IS.