exploitDog

CVE-2017-12479

Опубликовано: 07 авг. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Средний

Описание

It was discovered that an issue in the session logic in Unitrends Backup (UB) before 10.0.0 allowed using the LOGDIR environment variable during a web session to elevate an existing low-privilege user to root privileges. A remote attacker with existing low-privilege credentials could then execute arbitrary commands with root privileges.

Ссылки

https://support.unitrends.com/UnitrendsBackup/s/article/000005757
Vendor Advisory
https://support.unitrends.com/UnitrendsBackup/s/article/000005757
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kaseya:unitrends_backup:*:*:*:*:*:*:*:*

Версия до 9.1 (включая)

EPSS

Процентиль: 94%

0.13453

Средний

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-qm9m-fp5f-xg9x

CVSS3: 8.8

github

больше 3 лет назад

It was discovered that an issue in the session logic in Unitrends Backup (UB) before 10.0.0 allowed using the LOGDIR environment variable during a web session to elevate an existing low-privilege user to root privileges. A remote attacker with existing low-privilege credentials could then execute arbitrary commands with root privileges.

EPSS

Процентиль: 94%

0.13453

Средний

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

NVD-CWE-noinfo