PT-2019-14342 · Cloudberry · Cloudberry Backup

Published 2019-08-28 · Updated 2020-08-24 · CVE-2019-15720

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CloudBerry Backup version 6.1.2.34

Description

The issue allows local privilege escalation via a Pre or Post backup action. With only user-level access, a user can modify the backup plan and add a Pre backup action script that executes on behalf of NT AUTHORITY\SYSTEM.

Recommendations

For CloudBerry Backup version 6.1.2.34, as a temporary workaround, consider disabling the execution of Pre and Post backup action scripts until a patch is available. Restrict access to modify backup plans to minimize the risk of exploitation.

Exploit

Fix

Improper Privilege Management

Weakness Enumeration

Related Identifiers

CVE-2019-15720

Affected Products

Cloudberry Backup