PT-2018-17479 · Unitrends · Unitrends Backup

0Xc413

Published

2018-03-14

Updated

2021-12-06

CVE-2018-6328

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Unitrends Backup versions prior to 10.1.0

Description The issue allows an unauthenticated user to bypass authentication and inject arbitrary commands into the parameters using backquotes in the "/api/hosts" API endpoint.

Recommendations For versions prior to 10.1.0, update to version 10.1.0 or later to resolve the issue.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2018-6328

Affected Products

Unitrends Backup

PT-2018-17479 · Unitrends · Unitrends Backup

CVE-2018-6328

Weakness Enumeration

Related Identifiers

Affected Products

References · 7