CVE-2011-0546

Severity CVSS v4.0:
Pending analysis
Type:
CWE-20 Input Validation
Publication date:
31/05/2011
Last modified:
11/04/2025

Description

Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not validate identity information sent between the media server and the remote agent, which allows man-in-the-middle attackers to execute NDMP commands via unspecified vectors.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:symantec:backup_exec:11.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:backup_exec:12.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:backup_exec:12.5:*:*:*:*:*:*:*
cpe:2.3:a:symantec:backup_exec:13.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:backup_exec:13.0:r2:*:*:*:*:*:*