Vulnerability-Lookup

CVE-2011-0546 (GCVE-0-2011-0546)

Vulnerability from cvelistv5 – Published: 2011-05-31 20:00 – Updated: 2024-08-06 21:58

Summary

Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not validate identity information sent between the media server and the remote agent, which allows man-in-the-middle attackers to execute NDMP commands via unspecified vectors.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://marc.info/?l=bugtraq&m=131489365508507&w=2	vendor-advisoryx_refsource_HP
	http://securityreason.com/securityalert/8300	third-party-advisoryx_refsource_SREASON
	http://secunia.com/advisories/44698	third-party-advisoryx_refsource_SECUNIA
	http://marc.info/?l=bugtraq&m=131489365508507&w=2	vendor-advisoryx_refsource_HP
	http://www.securityfocus.com/bid/47824	vdb-entryx_refsource_BID
	http://www.symantec.com/security_response/securit…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:58:25.637Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "HPSBUX02700",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=131489365508507\u0026w=2"
          },
          {
            "name": "8300",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8300"
          },
          {
            "name": "44698",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44698"
          },
          {
            "name": "SSRT100506",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=131489365508507\u0026w=2"
          },
          {
            "name": "47824",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47824"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110526_00"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not validate identity information sent between the media server and the remote agent, which allows man-in-the-middle attackers to execute NDMP commands via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-08-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "HPSBUX02700",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=131489365508507\u0026w=2"
        },
        {
          "name": "8300",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8300"
        },
        {
          "name": "44698",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44698"
        },
        {
          "name": "SSRT100506",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=131489365508507\u0026w=2"
        },
        {
          "name": "47824",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47824"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110526_00"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-0546",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not validate identity information sent between the media server and the remote agent, which allows man-in-the-middle attackers to execute NDMP commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "HPSBUX02700",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=131489365508507\u0026w=2"
            },
            {
              "name": "8300",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8300"
            },
            {
              "name": "44698",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44698"
            },
            {
              "name": "SSRT100506",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=131489365508507\u0026w=2"
            },
            {
              "name": "47824",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/47824"
            },
            {
              "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110526_00",
              "refsource": "CONFIRM",
              "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110526_00"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-0546",
    "datePublished": "2011-05-31T20:00:00",
    "dateReserved": "2011-01-20T00:00:00",
    "dateUpdated": "2024-08-06T21:58:25.637Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-0546\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2011-05-31T20:55:01.563\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not validate identity information sent between the media server and the remote agent, which allows man-in-the-middle attackers to execute NDMP commands via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Symantec Backup Exec v11.0, v12.0, v12.5, v13.0 y v13.0R2 no valida la informaci\u00f3n de identidad enviada entre el servidor media y el agente remoto, que permite a los atacantes de hombre-en-medio (man in the middle) para ejecutar comandos NDMP a trav\u00e9s de de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:H/Au:S/C:C/I:C/A:C\",\"baseScore\":6.5,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":2.5,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:backup_exec:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"588376ED-95B0-4A05-B412-F52CDD9E76F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:backup_exec:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B232C57-2543-4E88-96CF-A91B4915DC4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:backup_exec:12.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF55A13F-D3C7-4497-869D-2B0EB8FBE3AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:backup_exec:13.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71E52C0A-48F6-4349-AF54-1614662996A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:backup_exec:13.0:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"95269E45-6B4B-46D5-AE55-4025ECF60CB5\"}]}]}],\"references\":[{\"url\":\"http://marc.info/?l=bugtraq\u0026m=131489365508507\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/44698\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/8300\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/47824\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110526_00\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=131489365508507\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/44698\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/8300\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/47824\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110526_00\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2011-AVI-319

Vulnerability from certfr_avis - Published: 2011-05-27 - Updated: 2011-05-27

Une vulnérabilité dans Symantec Backup Exec permet à un utilisateur malveillant de réaliser une attaque de type homme du milieu.

Description

Une vulnérabilité affecte le protocole d'identification des agents auprès du serveur Backup Exec. Celle-ci permet à un utilisateur non autorisé de se faire passer pour un utilisateur légitime et d'envoyer des commandes au serveur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Symantec	N/A	Symantec Backup Exec pour Windows Servers versions 11.0, 12.0 et 12.5.
	Symantec	N/A	Symantec Backup Exec versions 13.0 et 13.0 R2 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Symantec SYM11-006

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Symantec Backup Exec pour Windows Servers versions 11.0, 12.0 et 12.5.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Backup Exec versions 13.0 et 13.0 R2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 affecte le protocole d\u0027identification des agents\naupr\u00e8s du serveur Backup Exec. Celle-ci permet \u00e0 un utilisateur non\nautoris\u00e9 de se faire passer pour un utilisateur l\u00e9gitime et d\u0027envoyer\ndes commandes au serveur.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0546"
    }
  ],
  "initial_release_date": "2011-05-27T00:00:00",
  "last_revision_date": "2011-05-27T00:00:00",
  "links": [],
  "reference": "CERTA-2011-AVI-319",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-05-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans Symantec Backup Exec permet \u00e0 un utilisateur\nmalveillant de r\u00e9aliser une attaque de type homme du milieu.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Symantec Backup Exec",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Symantec SYM11-006",
      "url": "http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110526_00"
    }
  ]
}

CERTA-2011-AVI-487

Vulnerability from certfr_avis - Published: 2011-09-01 - Updated: 2011-09-01

Plusieurs vulnérabilités, qui ne sont pas toutes détaillées par l'éditeur, permettent l'exécution de code à distance ou le déni de service à distance.

Description

Plusieurs vulnérabilités ont été corrigées dans Veritas Enterprise Administrator. Toutes ne sont pas précisées, certaines d'entre elles permettent l'exécution de code arbitraire à distance ou encore un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

HP-UX versions B.11.11, B.11.23 et B.11.31.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité HP n0 c02962262 du 24 août 2011	None	vendor-advisory
Bulletin de sécurité HP c02962262 du 24 août 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eHP-UX versions B.11.11, B.11.23 et B.11.31.\u003c/P\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Veritas Enterprise\nAdministrator. Toutes ne sont pas pr\u00e9cis\u00e9es, certaines d\u0027entre elles\npermettent l\u0027ex\u00e9cution de code arbitraire \u00e0 distance ou encore un d\u00e9ni\nde service.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0546"
    }
  ],
  "initial_release_date": "2011-09-01T00:00:00",
  "last_revision_date": "2011-09-01T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP c02962262 du 24 ao\u00fbt 2011 :",
      "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02962262"
    }
  ],
  "reference": "CERTA-2011-AVI-487",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-09-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s, qui ne sont pas toutes d\u00e9taill\u00e9es par\nl\u0027\u00e9diteur, permettent l\u0027ex\u00e9cution de code \u00e0 distance ou le d\u00e9ni de\nservice \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans HP-UX Veritas Enterprise Administrator",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP n0 c02962262 du 24 ao\u00fbt 2011",
      "url": null
    }
  ]
}

GSD-2011-0546

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-0546

Aliases

CVE-2011-0546

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-0546",
    "description": "Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not validate identity information sent between the media server and the remote agent, which allows man-in-the-middle attackers to execute NDMP commands via unspecified vectors.",
    "id": "GSD-2011-0546",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2011-0546"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-0546"
      ],
      "details": "Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not validate identity information sent between the media server and the remote agent, which allows man-in-the-middle attackers to execute NDMP commands via unspecified vectors.",
      "id": "GSD-2011-0546",
      "modified": "2023-12-13T01:19:04.306464Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2011-0546",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not validate identity information sent between the media server and the remote agent, which allows man-in-the-middle attackers to execute NDMP commands via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "HPSBUX02700",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=131489365508507\u0026w=2"
          },
          {
            "name": "8300",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/8300"
          },
          {
            "name": "44698",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/44698"
          },
          {
            "name": "SSRT100506",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=131489365508507\u0026w=2"
          },
          {
            "name": "47824",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/47824"
          },
          {
            "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110526_00",
            "refsource": "CONFIRM",
            "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110526_00"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:symantec:backup_exec:12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:backup_exec:12.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:backup_exec:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:backup_exec:13.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:backup_exec:13.0:r2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-0546"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not validate identity information sent between the media server and the remote agent, which allows man-in-the-middle attackers to execute NDMP commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "47824",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/47824"
            },
            {
              "name": "44698",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/44698"
            },
            {
              "name": "8300",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/8300"
            },
            {
              "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110526_00",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110526_00"
            },
            {
              "name": "SSRT100506",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=131489365508507\u0026w=2"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.5,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:A/AC:H/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 2.5,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2016-08-23T02:03Z",
      "publishedDate": "2011-05-31T20:55Z"
    }
  }
}

GHSA-M2CG-QQJ5-JW62

Vulnerability from github – Published: 2022-05-17 03:50 – Updated: 2022-05-17 03:50

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-0546"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-05-31T20:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not validate identity information sent between the media server and the remote agent, which allows man-in-the-middle attackers to execute NDMP commands via unspecified vectors.",
  "id": "GHSA-m2cg-qqj5-jw62",
  "modified": "2022-05-17T03:50:23Z",
  "published": "2022-05-17T03:50:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0546"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=131489365508507\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/44698"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/8300"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/47824"
    },
    {
      "type": "WEB",
      "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110526_00"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2011-0546

Vulnerability from fkie_nvd - Published: 2011-05-31 20:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://marc.info/?l=bugtraq&m=131489365508507&w=2
cve@mitre.org	http://secunia.com/advisories/44698	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/8300
cve@mitre.org	http://www.securityfocus.com/bid/47824
cve@mitre.org	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110526_00
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=131489365508507&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44698	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/8300
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/47824
af854a3a-2127-422b-91ae-364da2661108	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110526_00

Impacted products

Vendor	Product	Version
symantec	backup_exec	11.0
symantec	backup_exec	12.0
symantec	backup_exec	12.5
symantec	backup_exec	13.0
symantec	backup_exec	13.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:symantec:backup_exec:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "588376ED-95B0-4A05-B412-F52CDD9E76F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:backup_exec:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B232C57-2543-4E88-96CF-A91B4915DC4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:backup_exec:12.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF55A13F-D3C7-4497-869D-2B0EB8FBE3AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:backup_exec:13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "71E52C0A-48F6-4349-AF54-1614662996A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:backup_exec:13.0:r2:*:*:*:*:*:*",
              "matchCriteriaId": "95269E45-6B4B-46D5-AE55-4025ECF60CB5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not validate identity information sent between the media server and the remote agent, which allows man-in-the-middle attackers to execute NDMP commands via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Symantec Backup Exec v11.0, v12.0, v12.5, v13.0 y v13.0R2 no valida la informaci\u00f3n de identidad enviada entre el servidor media y el agente remoto, que permite a los atacantes de hombre-en-medio (man in the middle) para ejecutar comandos NDMP a trav\u00e9s de de vectores no especificados."
    }
  ],
  "id": "CVE-2011-0546",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.5,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:A/AC:H/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-05-31T20:55:01.563",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=131489365508507\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44698"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/8300"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/47824"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110526_00"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=131489365508507\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44698"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8300"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/47824"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110526_00"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-0546 (GCVE-0-2011-0546)

CERTA-2011-AVI-319

Description

Solution

CERTA-2011-AVI-487

Description

Solution

GSD-2011-0546

GHSA-M2CG-QQJ5-JW62

FKIE_CVE-2011-0546

Tags

Sightings

Nomenclature