VERITAS has released the latest patches for a “use-after-free” vulnerability in multiple Backup Exec agents that can lead to denial of service or remote code execution. An attacker can potentially use this vulnerability to crash the agent, or to take control of the agent process and then the system it is running on.
Use-after-free vulnerability in multiple Backup Exec agents:
CVE ID: CVE-2017-8895
Severity: Critical
CVSS v3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
The affected agents are:
Backup Exec Agent for Windows
Backup Exec Agent for Linux
Backup Exec Agent for Mac
Affected Products:
Backup Exec 16 before FP1 (16.0.1142.1327)
Backup Exec 15 before 14.2.1180.3160
Backup Exec 2014 before 14.1.1187.1126
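To check an agent inventory against the fixed builds listed above, the following added example (not Veritas or Qual code) compares versions numerically per release branch. It assumes agents report a four-part dotted version on the same scheme as the fixed builds; the hostnames and inventory rows are constructed.

```python
# Added example: triage agent versions against the advisory's fixed builds.
# Assumption: agents report a four-part dotted version (a.b.c.d) on the same
# scheme as the fixed builds. Inventory rows below are constructed samples.

# (major, minor) branch -> (product name, first fixed build), from the advisory
FIXED_BUILDS = {
    (16, 0): ("Backup Exec 16", (16, 0, 1142, 1327)),
    (14, 2): ("Backup Exec 15", (14, 2, 1180, 3160)),
    (14, 1): ("Backup Exec 2014", (14, 1, 1187, 1126)),
}

def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a.b.c.d."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(version_text):
    """Return (status, product); status is 'vulnerable', 'patched',
    'not-listed' (branch not named in the advisory) or 'unparseable'."""
    version = parse_version(version_text)
    if version is None:
        return ("unparseable", None)
    entry = FIXED_BUILDS.get(version[:2])
    if entry is None:
        return ("not-listed", None)
    product, fixed = entry
    # Integer tuples compare field by field; comparing the raw strings
    # would wrongly rank "999" above "1327".
    return ("vulnerable" if version < fixed else "patched", product)

def triage(inventory):
    """Map hostname -> classification for an iterable of (host, version)."""
    return {host: classify(ver) for host, ver in inventory}

# Constructed inventory: (hostname, reported agent version)
SAMPLE_INVENTORY = [
    ("fs01", "16.0.1142.1327"),
    ("app02", "16.0.1142.999"),
    ("db03", "14.1.1187.1000"),
    ("mac04", "14.0.1798.0"),
    ("lin05", "unknown"),
]

if __name__ == "__main__":
    for host, (status, product) in triage(SAMPLE_INVENTORY).items():
        print(f"{host:8} {status:12} {product or '-'}")
```

Hosts reported as not-listed or unparseable need manual review, since the advisory only names the three branches above.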
For details please visit
As part of normal best practices, Veritas recommends that customers:
Restrict access of administration or management systems to privileged users.
Restrict remote access, if required, to trusted/authorized systems only.
Keep all operating systems and applications updated with the latest vendor patches.
Follow a multi-layered approach to security. Run both firewall and anti-malware applications, at a minimum, to provide multiple points of detection and protection to both inbound and outbound threats.
Deploy network and host-based intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. This may aid in detection of attacks or malicious activity related to exploitation of latent vulnerabilities.
For further information and advice, please contact Qual Professional Services.
The IT Professional Services
+44 (0)1293 400 720