
CVSS: 9.8 • EPSS: 2% • CPEs: 1 • EXPL: 0

15 Apr 2022 — Kaseya Unitrends Client/Agent through 10.5,5 allows remote attackers to execute arbitrary code. • https://csirt.divd.nl/cves/CVE-2021-40386

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

06 Dec 2021 — An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The password for the PostgreSQL wguest account is weak. • https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961 • CWE-521: Weak Password Requirements

CVSS: 8.8 • EPSS: 1% • CPEs: 1 • EXPL: 2

06 Dec 2021 — An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The wguest account could execute commands by injecting into PostgreSQL trigger functions. This allowed privilege escalation from the wguest user to the postgres user. • https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

06 Dec 2021 — An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A crafted HTTP request could induce a format string vulnerability in the privileged vaultServer application. • https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961 • CWE-134: Use of Externally-Controlled Format String

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

06 Dec 2021 — An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Unitrends Windows agent was vulnerable to DLL injection and binary planting due to insecure default permissions. This allowed privilege escalation from an unprivileged user to SYSTEM. • https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961 • CWE-427: Uncontrolled Search Path Element

CVSS: 9.8 • EPSS: 2% • CPEs: 1 • EXPL: 2

06 Dec 2021 — An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A buffer overflow existed in the vaultServer component. This was exploitable by a remote unauthenticated attacker. • https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 10.0 • EPSS: 14% • CPEs: 1 • EXPL: 2

06 Dec 2021 — An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Multiple functions in the bpserverd daemon were vulnerable to arbitrary remote code execution as root. The vulnerability was caused by untrusted input (received by the server) being passed to system calls. • https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 2

06 Dec 2021 — An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /etc/shadow by abusing an insecure Sudo rule. • https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

06 Dec 2021 — An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world writable file allowed local users to execute arbitrary code as the user apache, leading to privilege escalation. • https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

06 Dec 2021 — An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The SNMP daemon was configured with a weak default community. • https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961 • CWE-798: Use of Hard-coded Credentials