VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 through 9.1.307 for Netware, allows remote attackers to cause a denial of service (Remote Agent crash) via (1) a crafted packet in NDMLSRVR.DLL or (2) a request packet with an invalid (non-0) "Error Status" value, which triggers a null dereference.

Threat-Mapped Scoring

Score: 1.5

Priority: P4 - Informational (Low)

• S10 – Denial of Service

EPSS

Score: 0.1127
Percentile: 0.93215

CVSS Scoring

Mapped CWE(s)

• CWE-476 : NULL Pointer Dereference

Affected Products

• cpe:2.3:a:veritas:backup_exec:*:*:*:*:*:windows_server:*:*
• cpe:2.3:a:veritas:backup_exec:*:*:*:*:*:netware:*:*

← Back to Home