
CVSS: 10.0 | EPSS: 6% | CPEs: 1 | EXPL: 3

It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system.

• https://www.exploit-db.com/exploits/42958
• https://www.exploit-db.com/exploits/45559
• https://www.exploit-db.com/exploits/43030
• https://support.unitrends.com/UnitrendsBackup/s/article/000005756
• https://support.unitrends.com/UnitrendsBackup/s/article/ka640000000TO5PAAW/000005756
• https://support.unitrends.com/UnitrendsBackup/s/article/000006002
• https://nvd.nist.gov/vuln/detail/CVE-2017-12478
• http://blog.redactedsec.net/exploits/2018/01/29/UEB9.html
• CWE-287: Improper Authentication

CVSS: 9.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

It was discovered that an issue in the session logic in Unitrends Backup (UB) before 10.0.0 allowed using the LOGDIR environment variable during a web session to elevate an existing low-privilege user to root privileges. A remote attacker with existing low-privilege credentials could then execute arbitrary commands with root privileges. Unitrends UEB version 9.1 suffers from a privilege escalation vulnerability.

• https://www.exploit-db.com/exploits/42959
• https://support.unitrends.com/UnitrendsBackup/s/article/000005757