CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-12477

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0710%
EPSS Percentile3.71th
Published2017年8月7日
Last Modified2026年5月13日

Vulnerability Description

It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system.

Affected Platforms (CPE)

📦
Kaseya

Unitrends Backup

< 10.0

References & Advisories

🔗 https://support.unitrends.com/UnitrendsBackup/s/article/000005755
🔗 https://www.exploit-db.com/exploits/43031/
🔗 https://support.unitrends.com/UnitrendsBackup/s/article/000005755
🔗 https://www.exploit-db.com/exploits/43031/

関連する脆弱性情報

CVE-2014-300810.0

Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ...

CVE-2018-63289.8

It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, which then ...

CVE-2018-63299.8

It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, ...

CVE-2017-124789.8

It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input...