CVE-2017-12478
Unitrends UEB 9.1 - Authentication Bypass / Remote Command Execution
Public Exploits: 3
Exploited in Wild: -
Descriptions
It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system. UEB v9 runs the API with root privileges, and api/storage is vulnerable. UEB v10 runs the API with limited privileges, and api/hosts is vulnerable.
SSVC
- Decision: -
Timeline
- 2017-08-04 CVE Reserved
- 2017-08-07 CVE Published
- 2017-08-08 First Exploit
- 2024-08-05 CVE Updated
- 2024-09-29 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-287: Improper Authentication
References (8)
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/42958 | 2017-08-08 | |
https://www.exploit-db.com/exploits/45559 | 2024-08-05 | |
https://www.exploit-db.com/exploits/43030 | 2024-08-05 | |
https://support.unitrends.com/UnitrendsBackup/s/article/000005756 | 2021-12-16 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Kaseya | Unitrends Backup | < 10.0 | - | Affected |