CVE-2017-11318 — HIGH (8.1)

Vulnerability Description

Cobian Backup 11 client allows man-in-the-middle attackers to add and execute new backup tasks when the master server is spoofed. In addition, the attacker can execute system commands remotely by abusing pre-backup events.

CVSS Score

8.1

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cobiansoft	Cobian Backup	11

Related Weaknesses (CWE)

CWE-78

References

https://www.tarlogic.com/advisories/Tarlogic-2017-002.txtExploitThird Party Advisory
https://www.tarlogic.com/advisories/Tarlogic-2017-002.txtExploitThird Party Advisory

FAQ

What is CVE-2017-11318?

CVE-2017-11318 is a vulnerability with a CVSS score of 8.1 (HIGH). Cobian Backup 11 client allows man-in-the-middle attackers to add and execute new backup tasks when the master server is spoofed. In addition, the attacker can execute system commands remotely by abus...

How severe is CVE-2017-11318?

CVE-2017-11318 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-11318?

Check the references section above for vendor advisories and patch information. Affected products include: Cobiansoft Cobian Backup.