Critical severity9.8NVD Advisory· Published May 10, 2017· Updated May 13, 2026

CVE-2017-8895

Description

In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this vulnerability to crash the agent or potentially take control of the agent process and then the system it is running on.

Affected products

Symantec/Backup Exec
cpe:2.3:a:veritas:backup_exec:*:*:*:*:*:*:*:*
Range: <14.1.1786.1126

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.veritas.com/content/support/en_US/security/VTS17-006.htmlnvdPatchVendor Advisory
www.securityfocus.com/bid/98386nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1038561nvdThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/42282/nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.054
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000