CVE-2018-6328
Unitrends UEB 10.0 - Root Remote Code Execution
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
Public Exploits: 2
Exploited in Wild: -
Decision: -
Descriptions
It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes.
It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system. UEB v9 runs the api under root privileges and api/storage is vulnerable. UEB v10 runs the api under limited privileges and api/hosts is vulnerable.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2018-01-26 CVE Reserved
- 2018-03-14 CVE Published
- 2024-02-22 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-287: Improper Authentication
CAPEC
References (7)
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/44297 | 2024-08-05 | |
https://www.exploit-db.com/exploits/45559 | 2024-08-05 | |
https://support.unitrends.com/UnitrendsBackup/s/article/000001150 | 2021-12-06 | |
https://support.unitrends.com/UnitrendsBackup/s/article/000006002 | 2017-08-08 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Kaseya | Unitrends Backup | < 10.1 | - | Affected |