The US Cybersecurity and Infrastructure Security Agency (CISA) has recently ordered federal agencies to patch three Veritas Backup Exec vulnerabilities, which have been exploited in ransomware attacks. The three vulnerabilities, tracked as CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878, were all identified in the SHA Authentication scheme of the Veritas Backup Exec agent and could allow an attacker to access arbitrary files or execute arbitrary commands. In September 2022, a Metasploit module exploiting these vulnerabilities was released and in October, in-the-wild exploitation attempts were observed.
Mandiant recently warned that the three flaws have been exploited in Alphv (BlackCat) ransomware attacks for initial access. They estimated that there are roughly 8,500 Veritas Backup Exec instances exposed to the internet, some of which might be vulnerable to these flaws. Veritas updated their 2021 advisory to warn customers of the observed exploitation attempts and CISA added the five security defects to the Known Exploited Vulnerabilities catalog on April 7. Per Binding Operational Directive (BOD) 22-01, federal agencies have until April 28 to apply the available patches.
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning to federal agencies to patch three Veritas Backup Exec vulnerabilities exploited in ransomware attacks. The three issues, CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878, are all related to the SHA Authentication scheme and could allow an attacker to access arbitrary files or execute arbitrary commands. A Metasploit module exploiting these vulnerabilities was released in September 2022, and in-the-wild exploitation attempts have been observed in October.
Mandiant has warned that the three vulnerabilities have been exploited in Alphv (BlackCat) ransomware attacks for initial access and that there are roughly 8,500 Veritas Backup Exec instances exposed to the internet, some of which may be vulnerable. Veritas has updated their 2021 advisory to warn customers of the observed exploitation attempts, and CISA has added the five security defects to the Known Exploited Vulnerabilities catalog. Per the Binding Operational Directive (BOD) 22-01, federal agencies have until April 28 to apply the available patches.
In summary, the US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch three Veritas Backup Exec vulnerabilities, tracked as CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878, which have been exploited in ransomware attacks. The flaws could allow an attacker to access arbitrary files or execute arbitrary commands and have been observed in Alphv (BlackCat) ransomware attacks. Veritas has updated their 2021 advisory to warn customers of the observed exploitation attempts and CISA has added the five security defects to the Known Exploited Vulnerabilities catalog. Federal agencies have until April 28 to apply the available patches.
Key Points:
- US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch three Veritas Backup Exec vulnerabilities, tracked as CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878.
- The flaws could allow an attacker to access arbitrary files or execute arbitrary commands and have been observed in Alphv (BlackCat) ransomware attacks.
- Veritas has updated their 2021 advisory to warn customers of the observed exploitation attempts and CISA has added the five security defects to the Known Exploited Vulnerabilities catalog.
- Federal agencies have until April 28 to apply the available patches.