Описание
It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system.
Ссылки
- Vendor Advisory
- ExploitThird Party AdvisoryVDB Entry
- Vendor Advisory
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
EPSS
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
Связанные уязвимости
It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system.
Уязвимость протокола bpserverd средства резервного копирования Unitrends Backup, позволяющая нарушителю обойти процедуру аутентификации или выполнить произвольные команды с root-правами
EPSS
9.8 Critical
CVSS3
10 Critical
CVSS2