PT-2019-14342 · Cloudberry · Cloudberry Backup

Publicado

2019-08-28

Atualizado

2020-08-24

CVE-2019-15720

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions CloudBerry Backup version 6.1.2.34

Description The issue allows local privilege escalation via a Pre or Post backup action. With only user-level access, a user can modify the backup plan and add a Pre backup action script that executes on behalf of NT AUTHORITYSYSTEM.

Recommendations For CloudBerry Backup version 6.1.2.34, as a temporary workaround, consider disabling the execution of Pre and Post backup action scripts until a patch is available. Restrict access to modify backup plans to minimize the risk of exploitation.

Exploit

Correção

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-269

Identificadores relacionados

CVE-2019-15720

Produtos afetados

Cloudberry Backup

PT-2019-14342 · Cloudberry · Cloudberry Backup

CVE-2019-15720

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3