CVE-2017-12479
Unitrends UEB 9.1 - Privilege Escalation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
It was discovered that an issue in the session logic in Unitrends Backup (UB) before 10.0.0 allowed using the LOGDIR environment variable during a web session to elevate an existing low-privilege user to root privileges. A remote attacker with existing low-privilege credentials could then execute arbitrary commands with root privileges.
Se ha descubierto que un problema en la lógica de sesión en Unitrends Backup (UB) en versiones anteriores a la 10.0.0 permitía emplear la variable de entorno LOGDIR durante una sesión web para elevar a un usuario existente con pocos privilegios a la categoría root. Un atacante remoto que tenga credenciales con pocos privilegios podría ejecutar comandos arbitrarios con privilegios root.
Unitrends UEB version 9.1 suffers from a privilege escalation vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-08-04 CVE Reserved
- 2017-08-07 CVE Published
- 2017-08-08 First Exploit
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/42959 | 2017-08-08 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.unitrends.com/UnitrendsBackup/s/article/000005757 | 2021-12-06 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Kaseya Search vendor "Kaseya" | Unitrends Backup Search vendor "Kaseya" for product "Unitrends Backup" | <= 9.1 Search vendor "Kaseya" for product "Unitrends Backup" and version " <= 9.1" | - |
Affected
| ||||||