← Voltar para CVEs
CVE-2017-12477
CRITICAL9.8
Descricao
It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado8/7/2017
Ultima modificacao4/20/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
kaseya:unitrends_backup
Fraquezas (CWE)
CWE-287
Referencias
https://www.exploit-db.com/exploits/43031/(cve@mitre.org)
https://support.unitrends.com/UnitrendsBackup/s/article/000005755(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/43031/(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.