Vulnerability Description
It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kaseya | Unitrends Backup | < 10.0 |
Related Weaknesses (CWE)
References
- https://support.unitrends.com/UnitrendsBackup/s/article/000005755Vendor Advisory
- https://www.exploit-db.com/exploits/43031/ExploitThird Party AdvisoryVDB Entry
- https://support.unitrends.com/UnitrendsBackup/s/article/000005755Vendor Advisory
- https://www.exploit-db.com/exploits/43031/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2017-12477?
CVE-2017-12477 is a vulnerability with a CVSS score of 9.8 (CRITICAL). It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacker...
How severe is CVE-2017-12477?
CVE-2017-12477 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-12477?
Check the references section above for vendor advisories and patch information. Affected products include: Kaseya Unitrends Backup.