CVE-2017-12478

Name of the Vulnerable Software and Affected Versions Unitrends Backup versions prior to 10.0.0

Description The issue is related to the api/storage web interface, where an input parameter was not validated, allowing a remote attacker to bypass authentication and execute arbitrary commands with root privilege on the target system. This flaw is associated with deficiencies in the authentication procedure, which can be exploited by a remote attacker to bypass authentication or execute arbitrary commands with root privileges.

Recommendations For versions prior to 10.0.0, update to version 10.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the api/storage web interface to minimize the risk of exploitation. Avoid using unvalidated input parameters in the api/storage interface until the issue is resolved.