CVE-2021-43037

Name of the Vulnerable Software and Affected Versions Kaseya Unitrends Backup Appliance versions prior to 10.5.5

Description An issue was discovered in the Unitrends Windows agent, which was vulnerable to DLL injection and binary planting due to insecure default permissions. This allowed privilege escalation from an unprivileged user to SYSTEM.

Recommendations For versions prior to 10.5.5, update to version 10.5.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the Unitrends Windows agent to minimize the risk of exploitation.