CVE-2013-4677 - Vulnerability Details - OpenCVE

Description

Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 uses weak permissions (Everyone: Read and Everyone: Change) for backup data files, which allows local users to obtain sensitive information or modify the outcome of a restore via direct access to these files.

Published: 2013-08-04

Score: 4.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

OR	cpe:2.3:a:symantec:backup_exec:2010:::::::*
	cpe:2.3:a:symantec:backup_exec:2010_r3:sp1::::::
	cpe:2.3:a:symantec:backup_exec:2010_r3:sp2::::::
	cpe:2.3:a:symantec:backup_exec:2012:::::::*
	cpe:2.3:a:symantec:backup_exec:2012:sp1::::::

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2013-4530	Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 uses weak permissions (Everyone: Read and Everyone: Change) for backup data files, which allows local users to obtain sensitive information or modify the outcome of a restore via direct access to these files.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00052.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://osvdb.org/95939
http://www.securityfocus.com/bid/61487
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00

History

No history.

Subscriptions

Symantec Backup Exec

MITRE

Status: PUBLISHED

Assigner: symantec

Published: 2013-08-04T20:00:00.000Z

Updated: 2024-08-06T16:52:26.943Z

Reserved: 2013-06-24T00:00:00.000Z

Link: CVE-2013-4677

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2013-08-05T13:22:52.693

Modified: 2025-04-11T00:51:21.963

Link: CVE-2013-4677

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-08-01T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 uses weak permissions (Everyone: Read and Everyone: Change) for backup data files, which allows local users to obtain sensitive information or modify the outcome of a restore via direct access to these files."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-08-22T09:00:00.000Z", "orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "shortName": "symantec"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00"}, {"name": "95939", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/95939"}, {"name": "61487", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/61487"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@symantec.com", "ID": "CVE-2013-4677", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 uses weak permissions (Everyone: Read and Everyone: Change) for backup data files, which allows local users to obtain sensitive information or modify the outcome of a restore via direct access to these files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00", "refsource": "CONFIRM", "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00"}, {"name": "95939", "refsource": "OSVDB", "url": "http://osvdb.org/95939"}, {"name": "61487", "refsource": "BID", "url": "http://www.securityfocus.com/bid/61487"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:52:26.943Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00"}, {"name": "95939", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/95939"}, {"name": "61487", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/61487"}]}]}, "cveMetadata": {"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5", "assignerShortName": "symantec", "cveId": "CVE-2013-4677", "datePublished": "2013-08-04T20:00:00.000Z", "dateReserved": "2013-06-24T00:00:00.000Z", "dateUpdated": "2024-08-06T16:52:26.943Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:symantec:backup_exec:2010:*:*:*:*:*:*:*", "matchCriteriaId": "006EB76F-8F6B-4D19-81AB-B9133CBC1F47", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:backup_exec:2010_r3:sp1:*:*:*:*:*:*", "matchCriteriaId": "FD144D8C-99FA-44DC-949D-DF938AC3C6E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:backup_exec:2010_r3:sp2:*:*:*:*:*:*", "matchCriteriaId": "ADFAEEFA-E438-4611-A42E-A70C8F4D3F68", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:backup_exec:2012:*:*:*:*:*:*:*", "matchCriteriaId": "632557AF-509E-4FF8-B0CC-A44ABC56645B", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:backup_exec:2012:sp1:*:*:*:*:*:*", "matchCriteriaId": "DBDF5A56-FE35-49C8-A94B-FE120D2B714B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 uses weak permissions (Everyone: Read and Everyone: Change) for backup data files, which allows local users to obtain sensitive information or modify the outcome of a restore via direct access to these files."}, {"lang": "es", "value": "Symantec Backup Exec v2010 R3 anterior a v2010 R3 SP3 y v2012 anterior a SP2 utiliza permisos d\u00e9biles (todos los usuarios: Lectura y todos los usuarios: Cambiar) para archivos de datos de copia de seguridad, lo que permite a usuarios locales obtener informaci\u00f3n sensible o modificar el resultado de una restauraci\u00f3n a trav\u00e9s del acceso directo a estos ficheros."}], "id": "CVE-2013-4677", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-08-05T13:22:52.693", "references": [{"source": "secure@symantec.com", "url": "http://osvdb.org/95939"}, {"source": "secure@symantec.com", "url": "http://www.securityfocus.com/bid/61487"}, {"source": "secure@symantec.com", "tags": ["Vendor Advisory"], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/95939"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/61487"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00"}], "sourceIdentifier": "secure@symantec.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}