PT-2017-12565 · Unitrends · Unitrends Backup

Published: 2017-08-07 · Updated: 2021-12-06 · CVE-2017-12479

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Unitrends Backup versions prior to 10.0.0

Description: An issue in the session logic allowed using the LOGDIR environment variable during a web session to elevate an existing low-privilege user to root privileges. A remote attacker with existing low-privilege credentials could then execute arbitrary commands with root privileges.

Recommendations: For versions prior to 10.0.0, update to version 10.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the LOGDIR environment variable to minimize the risk of exploitation.

Exploit

Fix


Related Identifiers

CVE-2017-12479

Affected Products

Unitrends Backup