PT-2017-2842 · Unitrends · Unitrends Backup
0Xc413
+6
·
Published
2017-08-02
·
Updated
2021-12-16
·
CVE-2017-12478
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Unitrends Backup versions prior to 10.0.0
Description
The issue is related to the
api/storage web interface, where an input parameter was not validated, allowing a remote attacker to bypass authentication and execute arbitrary commands with root privilege on the target system. This flaw is associated with deficiencies in the authentication procedure, which can be exploited by a remote attacker to bypass authentication or execute arbitrary commands with root privileges.Recommendations
For versions prior to 10.0.0, update to version 10.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the
api/storage web interface to minimize the risk of exploitation. Avoid using unvalidated input parameters in the api/storage interface until the issue is resolved.Exploit
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Unitrends Backup