CVE-2021-43040

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Kaseya Unitrends Backup Appliance versions prior to 10.5.5

Description An issue was discovered where the privileged vaultServer could be leveraged to create arbitrary writable files, leading to privilege escalation.

Recommendations For versions prior to 10.5.5, update to version 10.5.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the vaultServer to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-43040

Affected Products

Kaseya Unitrends Backup Appliance

CVE-2021-43040

Related Identifiers

Affected Products

References · 8