CVE-2021-43038

Name of the Vulnerable Software and Affected Versions Kaseya Unitrends Backup Appliance versions prior to 10.5.5

Description An issue was discovered in the Kaseya Unitrends Backup Appliance where the wguest account could execute commands by injecting into PostgreSQL trigger functions, allowing privilege escalation from the wguest user to the postgres user.

Recommendations For versions prior to 10.5.5, update to version 10.5.5 or later to resolve the issue. As a temporary workaround, consider restricting access to PostgreSQL trigger functions to minimize the risk of exploitation.