CVE-2005-0772

moderate-risk
Published 2005-06-28

VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 through 9.1.307 for Netware, allows remote attackers to cause a denial of service (Remote Agent crash) via (1) a crafted packet in NDMLSRVR.DLL or (2) a request packet with an invalid (non-0) "Error Status" value, which triggers a null dereference.

Do I need to act?

!
11.3% chance of exploitation in next 30 days
EPSS score — higher than 89% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (2)

Affected Vendors

Veritas

References (12)

Broken Link http://secunia.com/advisories/15789
Broken Link http://securitytracker.com/id?1014273
Broken Link http://seer.support.veritas.com/docs/276533.htm
Broken Link http://seer.support.veritas.com/docs/277485.htm
Broken Link http://www.idefense.com/application/poi/display?id=270&type=vulnerabilities&flas...
Broken Link http://www.idefense.com/application/poi/display?id=271&type=vulnerabilities
Broken Link http://secunia.com/advisories/15789
Broken Link http://securitytracker.com/id?1014273
Broken Link http://seer.support.veritas.com/docs/276533.htm
Broken Link http://seer.support.veritas.com/docs/277485.htm
Broken Link http://www.idefense.com/application/poi/display?id=270&type=vulnerabilities&flas...
Broken Link http://www.idefense.com/application/poi/display?id=271&type=vulnerabilities
44
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 11/34 · Low
Exposure 7/34 · Low