CVE-2018-6328

Published: Mar 14, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes.

Affected (1)

Products: Kaseya: Unitrends Backup

Kaseya

1 product

Unitrends Backup

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Kaseya Unitrends Backup	Before 10.1

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (8)

https://support.unitrends.com/UnitrendsBackup/s/article/000001150

Source: cve@mitre.org

Vendor Advisory

https://support.unitrends.com/UnitrendsBackup/s/article/000006002

Source: cve@mitre.org

Vendor Advisory

https://www.exploit-db.com/exploits/44297/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/45559/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://support.unitrends.com/UnitrendsBackup/s/article/000001150

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.unitrends.com/UnitrendsBackup/s/article/000006002

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.exploit-db.com/exploits/44297/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/45559/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.