CVE-2017-12477
CRITICAL 9.8
Description
It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system.
CVE Details
CVSS v3.1 Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 8/7/2017
Last Modified: 4/20/2025
Source: nvd
Honeypot Observations: 0
Affected Products
kaseya:unitrends_backup
Weaknesses (CWE)
CWE-287
References
https://www.exploit-db.com/exploits/43031/ (cve@mitre.org)
https://support.unitrends.com/UnitrendsBackup/s/article/000005755 (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/43031/ (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.