An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Multiple functions in the bpserverd daemon were vulnerable to arbitrary remote code execution as root. The vulnerability was caused by untrusted input (received by the server) being passed to system calls.
References
Link | Resource |
---|---|
https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961 | Vendor Advisory |
https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1 | Exploit Third Party Advisory |
https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2 | Exploit Third Party Advisory |
Configurations
Information
Published : 2021-12-05 20:15
Updated : 2022-11-28 13:44
NVD link : CVE-2021-43033
Mitre link : CVE-2021-43033
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
kaseya
- unitrends_backup