{"cve":{"cve_id":"CVE-2021-27877","is_kev":true,"kev_date_added":"2023-04-07","kev_vendor_project":"Veritas","kev_product":"Backup Exec Agent","kev_vulnerability_name":"Veritas Backup Exec Agent Improper Authentication Vulnerability","kev_short_description":"Veritas Backup Exec (BE) Agent contains an improper authentication vulnerability that could allow an attacker unauthorized access to the BE Agent via SHA authentication scheme.","kev_required_action":"Apply updates per vendor instructions.","kev_due_date":"2023-04-28","kev_known_ransomware":true,"kev_notes":"https://www.veritas.com/support/en_US/security/VTS21-001; https://nvd.nist.gov/vuln/detail/CVE-2021-27877","kev_cwes":["CWE-287"],"epss_score":0.6491,"epss_percentile":0.99145,"epss_as_of":"2026-06-23","description":"An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely exploit this scheme to gain unauthorized access to an Agent and execute privileged commands.","published_at":"2021-03-01T21:49:36Z","last_modified_at":null,"cvss_v3_score":8.2,"cvss_v3_vector":"CVSS:3.1/AC:L/AV:N/A:N/C:H/I:L/PR:N/S:U/UI:N","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"active","ssvc_automatable":true,"ssvc_technical_impact":"partial","cwes":null,"nvd_references":["https://www.veritas.com/content/support/en_US/security/VTS21-001#issue1","http://packetstormsecurity.com/files/168506/Veritas-Backup-Exec-Agent-Remote-Code-Execution.html"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:31.350578Z","updated_at":"2026-06-28T23:15:23.238880Z"},"effective_severity":"HIGH","badges":["kev","ransomware","poc","epss"],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"A","name":"Availability","value":"N","value_label":"None"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[],"exploit_refs":[{"source":"nuclei","kind":"nuclei","url":"https://github.com/projectdiscovery/nuclei-templates/blob/main/network/cves/2021/CVE-2021-27877.yaml","title":"Veritas Backup Exec - Broken Authentication","author":"pussycat0x,DhiyaneshDK","disclosed_at":null}],"news":[],"references":[{"url":"https://www.veritas.com/content/support/en_US/security/VTS21-001#issue1","source_type":"MISC","tags":[]},{"url":"http://packetstormsecurity.com/files/168506/Veritas-Backup-Exec-Agent-Remote-Code-Execution.html","source_type":"EXPLOIT","tags":["exploit"]}],"timeline":[{"type":"published","at":"2021-03-01T21:49:36Z","label":"CVE published","source":null},{"type":"cisa_reported","at":"2023-04-07T00:00:00Z","label":"Added to CISA KEV catalog","source":"kev"},{"type":"poc_available","at":"2026-06-24T00:29:48.638073Z","label":"Public PoC available","source":"nuclei"},{"type":"ssvc_changed","at":"2026-06-24T00:31:38.771468Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:38.771468Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:38.771468Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:38.771468Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:38.771468Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:38.771468Z","label":"CVSS score revised","source":"vulnrichment"}]}