Vulnerability Description
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Multiple functions in the bpserverd daemon were vulnerable to arbitrary remote code execution as root. The vulnerability was caused by untrusted input (received by the server) being passed to system calls.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kaseya | Unitrends Backup | >= 10.0, < 10.5.5 |
Related Weaknesses (CWE)
References
- https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961Vendor Advisory
- https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-applianExploitThird Party Advisory
- https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-applianExploitThird Party Advisory
- https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961Vendor Advisory
- https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-applianExploitThird Party Advisory
- https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-applianExploitThird Party Advisory
FAQ
What is CVE-2021-43033?
CVE-2021-43033 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Multiple functions in the bpserverd daemon were vulnerable to arbitrary remote code execution as root. The vulnerability was...
How severe is CVE-2021-43033?
CVE-2021-43033 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-43033?
Check the references section above for vendor advisories and patch information. Affected products include: Kaseya Unitrends Backup.