CVE-2021-43033

Опубликовано: 06 дек. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Средний

Описание

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Multiple functions in the bpserverd daemon were vulnerable to arbitrary remote code execution as root. The vulnerability was caused by untrusted input (received by the server) being passed to system calls.

Ссылки

https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961
Vendor Advisory
https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1
Exploit
Third Party Advisory
https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2
Exploit
Third Party Advisory
https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961
Vendor Advisory
https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1
Exploit
Third Party Advisory
https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kaseya:unitrends_backup:*:*:*:*:*:*:*:*

Версия от 10.0 (включая) до 10.5.5 (исключая)

EPSS

Процентиль: 93%

0.10955

Средний

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-fw55-5674-qwvm