This is a vulnerability reported and patched in 2021, however organized ransomware groups have recently been seen exploiting vulnerabilities found in unpatched, internet-exposed assets running the Veritas Backup Exec Agent to gain initial access and achieve escalation of privileges on vulnerable endpoints.
Veritas urges all customers to immediately update to Backup Exec version 21.2 or later if they have not already done so.
Summary
Backup Exec versions 16.x, 20.x and 21.1 are affected.
Veritas Backup Exec version 21.2 includes fixes for three security issues.
If you have updated to version 21.2 or later, no additional action is needed to address these vulnerabilities at this time.
Additional Information: