CVE-2021-43036
https://notcve.org/view.php?id=CVE-2021-43036
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The password for the PostgreSQL wguest account is weak. Se ha detectado un problema en Kaseya Unitrends Backup Appliance versiones anteriores a 10.5.5. La contraseña de la cuenta wguest de PostgreSQL es débil • https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961 https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1 https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2 • CWE-521: Weak Password Requirements •
CVE-2021-43034
https://notcve.org/view.php?id=CVE-2021-43034
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world writable file allowed local users to execute arbitrary code as the user apache, leading to privilege escalation. Se ha detectado un problema en Kaseya Unitrends Backup Appliance versiones anteriores a 10.5.5. Un archivo de escritura mundial permitía a usuarios locales ejecutar código arbitrario como el usuario apache, conllevando a una escalada de privilegios • https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961 https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1 https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2021-43040
https://notcve.org/view.php?id=CVE-2021-43040
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The privileged vaultServer could be leveraged to create arbitrary writable files, leading to privilege escalation. Se ha detectado un problema en Kaseya Unitrends Backup Appliance versiones anteriores a 10.5.5. El vaultServer privilegiado podría ser aprovechado para crear archivos arbitrarios con capacidad de escritura, conllevando a una escalada de privilegios • https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961 https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1 https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2 •
CVE-2018-6328 – Unitrends UEB 10.0 - Root Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-6328
It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes. Se ha descubierto que en Unitrends Backup (UB), en versiones anteriores a la 10.1.0, la interfaz de usuario estaba expuesta a una omisión de autenticación. Esto podría permitir que un usuario no autenticado inyecte comandos arbitrarios en los parámetros /api/hosts mediante acentos graves (`). It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system. • https://www.exploit-db.com/exploits/44297 https://www.exploit-db.com/exploits/45559 https://support.unitrends.com/UnitrendsBackup/s/article/000001150 https://support.unitrends.com/UnitrendsBackup/s/article/000006002 https://support.unitrends.com/UnitrendsBackup/s/article/ka640000000TO5PAAW/000005756 https://nvd.nist.gov/vuln/detail/CVE-2017-12478 http://blog.redactedsec.net/exploits/2018/01/29/UEB9.html • CWE-287: Improper Authentication •
CVE-2017-12477 – Unitrends UEB 9.1 - 'Unitrends bpserverd' Remote Command Execution
https://notcve.org/view.php?id=CVE-2017-12477
It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system. Se ha descubierto que el protocolo propietario bpserverd en Unitrends Backup (UB) en versiones anteriores a la 10.0.0, cuando se invoca a través de xinetd, tiene un problema que permite omitir la autenticación. Un atacante remoto podría emplear este problema para ejecutar comandos arbitrarios con privilegios root en el sistema objetivo. It was discovered that the Unitrends bpserverd proprietary protocol, as exposed via xinetd, has an issue in which its authentication can be bypassed. • https://www.exploit-db.com/exploits/42957 https://www.exploit-db.com/exploits/43031 https://support.unitrends.com/UnitrendsBackup/s/article/000005755 https://support.unitrends.com/UnitrendsBackup/s/article/ka640000000CcZeAAK/000005755 https://nvd.nist.gov/vuln/detail/CVE-2017-12477 • CWE-287: Improper Authentication •