It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system.
References
Link | Resource |
---|---|
https://support.unitrends.com/UnitrendsBackup/s/article/000005756 | Vendor Advisory |
https://www.exploit-db.com/exploits/43030/ | Exploit Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/45559/ | Exploit Third Party Advisory VDB Entry |
Configurations
Information
Published : 2017-08-07 08:29
Updated : 2021-12-16 10:48
NVD link : CVE-2017-12478
Mitre link : CVE-2017-12478
JSON object : View
CWE
CWE-287
Improper Authentication
Products Affected
kaseya
- unitrends_backup