CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Kaseya Unitrends Client/Agent through 10.5,5 allows remote attackers to execute arbitrary code. • https://csirt.divd.nl/cves/CVE-2021-40386

CVSS: 10.0 • EPSS: 4% • CPEs: 1 • EXPL: 2

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Multiple functions in the bpserverd daemon were vulnerable to arbitrary remote code execution as root. The vulnerability was caused by untrusted input (received by the server) being passed to system calls. • https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961 https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1 https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The SNMP daemon was configured with a weak default community. • https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961 https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1 https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2 • CWE-798: Use of Hard-coded Credentials

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 2

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Samba file sharing service allowed anonymous read/write access. • https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961 https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1 https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2

CVSS: 9.8 • EPSS: 1% • CPEs: 1 • EXPL: 2

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Two unauthenticated SQL injection vulnerabilities were discovered, allowing arbitrary SQL queries to be injected and executed under the postgres superuser account. Remote code execution was possible, leading to full access to the postgres user account. • https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961 https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1 https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')