CyberSec.Space Logo
Back to CVE Browser

CVE-2017-12477

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0710%
EPSS Percentile3.71th
PublishedAug 7, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system.

Affected Platforms (CPE)

πŸ“¦
Kaseya

Unitrends Backup

< 10.0

References & Advisories

πŸ”— https://support.unitrends.com/UnitrendsBackup/s/article/000005755
πŸ”— https://www.exploit-db.com/exploits/43031/
πŸ”— https://support.unitrends.com/UnitrendsBackup/s/article/000005755
πŸ”— https://www.exploit-db.com/exploits/43031/

Related Vulnerabilities

CVE-2014-300810.0

Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ...

CVE-2018-63289.8

It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, which then ...

CVE-2018-63299.8

It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, ...

CVE-2017-124789.8

It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input...