CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2018-6328

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1870%
EPSS Percentile44.26th
Published2018年3月14日
Last Modified2024年11月21日

Vulnerability Description

It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes.

Affected Platforms (CPE)

📦
Kaseya

Unitrends Backup

< 10.1

References & Advisories

🔗 https://support.unitrends.com/UnitrendsBackup/s/article/000001150
🔗 https://support.unitrends.com/UnitrendsBackup/s/article/000006002
🔗 https://www.exploit-db.com/exploits/44297/
🔗 https://www.exploit-db.com/exploits/45559/
🔗 https://support.unitrends.com/UnitrendsBackup/s/article/000001150
🔗 https://support.unitrends.com/UnitrendsBackup/s/article/000006002
🔗 https://www.exploit-db.com/exploits/44297/
🔗 https://www.exploit-db.com/exploits/45559/

相關漏洞威脅

CVE-2014-300810.0

Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ...

CVE-2017-124779.8

It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has a...

CVE-2018-63299.8

It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, ...

CVE-2017-124789.8

It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input...