CVE-2017-12477
Unitrends UEB 9.1 - 'Unitrends bpserverd' Remote Command Execution
Public Exploits: 2
Exploited in Wild: -
Descriptions
It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system.
It has been discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) in versions prior to 10.0.0, when invoked through xinetd, has an issue that allows authentication to be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privileges on the target system.
It was discovered that the Unitrends bpserverd proprietary protocol, as exposed via xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system.
SSVC
- Decision: -
Timeline
- 2017-08-04 CVE Reserved
- 2017-08-07 CVE Published
- 2017-08-08 First Exploit
- 2024-08-05 CVE Updated
- 2024-09-29 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-287: Improper Authentication
References (5)
URL | Tag | Source |
---|---|---|
https://support.unitrends.com/UnitrendsBackup/s/article/ka640000000CcZeAAK/000005755 | | |
https://nvd.nist.gov/vuln/detail/CVE-2017-12477 | | |

URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/42957 | 2017-08-08 | |
https://www.exploit-db.com/exploits/43031 | 2024-08-05 | |

URL | Date | SRC |
---|---|---|
https://support.unitrends.com/UnitrendsBackup/s/article/000005755 | 2021-12-16 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Kaseya | Unitrends Backup | < 10.0 | - | Affected |