CVE-2017-16673

Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections. This allows an attacker to impersonate a Datto Backup Appliance to "pair" with the agent and issue requests to this agent, if the attacker can reach the agent on TCP port 25566 or 25568, and send unspecified "specific information" by which the agent identifies a network device that is "appearing to be a valid Datto."
References
Link Resource
https://www.datto.com/partner-security-update-nov2017 Mitigation Patch Vendor Advisory
https://www.datto.com/partner-security-update-nov2017 Mitigation Patch Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:datto:backup_agent:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:16

Type Values Removed Values Added
References () https://www.datto.com/partner-security-update-nov2017 - Mitigation, Patch, Vendor Advisory () https://www.datto.com/partner-security-update-nov2017 - Mitigation, Patch, Vendor Advisory

Information

Published : 2017-11-09 04:29

Updated : 2024-11-21 03:16


NVD link : CVE-2017-16673

Mitre link : CVE-2017-16673

CVE.ORG link : CVE-2017-16673


JSON object : View

Products Affected

datto

  • backup_agent
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor