Symantec Backup Exec 2012 – Backup Exec Utility Stored XSS when adding Groups, Servers and Computers

Summary

Name: Symantec Backup Exec 2012 – Backup Exec Utility Stored XSS when adding Groups, Servers and Computers
Release Date: 20 August 2012
Reference: NGS00340
Discoverer: Matt Lewis <matt.lewis@nccgroup.com>
Vendor: Symantec
CVE Reference: CVE-2013-4676
Systems Affected: Symantec Backup Exec 2012
Risk: High
Status: Released

Timeline

Discovered: 6 July 2012
Released: 6 July 2012
Approved: 6 July 2012
Reported: 6 July 2012
Fixed: 1 August 2013
Published: 30 September 2013

Description

Symantec Backup Exec 2012 – Backup Exec Utility Stored XSS when adding groups, Servers and Computers

I. VULNERABILITY

The Symantec Backup Exec 2012 Utility program that ships with the product
(BEUtility.exe) is vulnerable to stored XSS. This is exploitable by anyone
with execution privileges on the BEUtility.exe program.
JavaScript can be inserted directly into the name fields when adding
groups, servers and computers. The JavaScript is persistent, and the XSS
vectors are re-exploited each time a user opens the utility and clicks on
the affected group, server or computer in the navigation pane.

II. Background

Symantec Backup Exec 2012 is an enterprise-level backup solution. The
affected version of BEUtility.exe is 14.0 Rev. 1798.

III. Description

Stored XSS vulnerabilities have been found and confirmed within the
BEUtility.exe application. The application can ordinarily be found at
C:\Program Files\Symantec\Backup Exec\BEUtility.exe

Technical Details

- The Symantec Backup Exec Utility can typically be found at C:\Program Files\Symantec\Backup Exec\BEUtility.exe.

- When the application is launched, create a new Backup Exec server group.

  - In the name text field, enter JavaScript.

- This creates a persistent XSS attack vector: each time a user launches the utility and clicks on the group item in the navigation pane, the XSS vulnerability is exploited.

- It is also possible to insert script tags when adding new Servers and Computers.
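As an added illustration (not Symantec's code; the advisory does not say how BEUtility.exe builds its navigation pane, so an HTML-based pane is assumed), the JavaScript below contrasts rendering a stored name by raw string concatenation with HTML-encoding it first, and adds a check a defender could run over already-stored names to find entries that carry markup. The names are constructed sample data.

```javascript
// Constructed sample of stored group/server/computer names, one of which
// was entered with markup in the name field (as the advisory describes).
const STORED_NAMES = [
  "Finance Servers",
  "<script>alert(1)</script>",
  "Backup-Srv-01 <img src=x onerror=alert(1)>",
];

// Vulnerable pattern (assumed): the stored name is concatenated straight
// into the pane's markup, so any tag in the name becomes part of the
// document and executes every time the item is displayed.
function renderNavItemUnsafe(name) {
  return `<li class="nav-item">${name}</li>`;
}

// Mitigation: encode every character that can open or close a tag or an
// attribute before the name reaches the pane. The name is still stored and
// shown verbatim; it can no longer alter the document structure.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

function renderNavItemSafe(name) {
  return `<li class="nav-item">${escapeHtml(name)}</li>`;
}

// Defender's check: list stored names containing markup characters or a
// javascript: scheme, so injected entries can be found and renamed after
// the patched build is installed.
function findMarkupInNames(names) {
  return names.filter((n) => /[<>"']|javascript:/i.test(n));
}

for (const name of STORED_NAMES) {
  console.log("unsafe:", renderNavItemUnsafe(name));
  console.log("safe:  ", renderNavItemSafe(name));
}
console.log("names needing cleanup:", findMarkupInNames(STORED_NAMES));
```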

Fix Information

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00
