It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system.
References
Link | Resource |
---|---|
https://support.unitrends.com/UnitrendsBackup/s/article/000005756 | Vendor Advisory |
https://www.exploit-db.com/exploits/43030/ | Exploit Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/45559/ | Exploit Third Party Advisory VDB Entry |
https://support.unitrends.com/UnitrendsBackup/s/article/000005756 | Vendor Advisory |
https://www.exploit-db.com/exploits/43030/ | Exploit Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/45559/ | Exploit Third Party Advisory VDB Entry |
Configurations
History
21 Nov 2024, 03:09
Type | Values Removed | Values Added |
---|---|---|
References | () https://support.unitrends.com/UnitrendsBackup/s/article/000005756 - Vendor Advisory | |
References | () https://www.exploit-db.com/exploits/43030/ - Exploit, Third Party Advisory, VDB Entry | |
References | () https://www.exploit-db.com/exploits/45559/ - Exploit, Third Party Advisory, VDB Entry |
Information
Published : 2017-08-07 15:29
Updated : 2024-11-21 03:09
NVD link : CVE-2017-12478
Mitre link : CVE-2017-12478
CVE.ORG link : CVE-2017-12478
JSON object : View
Products Affected
kaseya
- unitrends_backup
CWE
CWE-287
Improper Authentication