CVE-2021-43036
https://notcve.org/view.php?id=CVE-2021-43036
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The password for the PostgreSQL wguest account is weak.
• https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961
• https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1
• https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2
• CWE-521: Weak Password Requirements
CVE-2021-43034
https://notcve.org/view.php?id=CVE-2021-43034
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world-writable file allowed local users to execute arbitrary code as the user apache, leading to privilege escalation.
• https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961
• https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1
• https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2
• CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2021-43040
https://notcve.org/view.php?id=CVE-2021-43040
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The privileged vaultServer could be leveraged to create arbitrary writable files, leading to privilege escalation.
• https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961
• https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1
• https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2
CVE-2021-40385
https://notcve.org/view.php?id=CVE-2021-40385
An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is a privilege escalation from read-only user to admin.
• https://csirt.divd.nl/csirt-divd-nl/cases/DIVD-2021-00014
CVE-2021-40387
https://notcve.org/view.php?id=CVE-2021-40387
An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is authenticated remote code execution.
• https://csirt.divd.nl/csirt-divd-nl/cases/DIVD-2021-00014