Logo
Open Register Sign in
  1. Unitrends
  2. Backup
  3. General

CVE-2017-7280: Unitrends RCE in systems.php password

CVE ID

CVE-2017-7280

DESCRIPTION

An RCE issue in Unitrends api/includes/systems.php could allow a remote command execution to be injected when changing the system password. 

 

RESOLUTION

Unitrends Risk Assessment: None.  Resolved with latest security update
Resolved with latest security update as of 04/14/2017.

LINK TO ADVISORIES

  • https://rhinosecuritylabs.com/research/remote-code-execution-bug-hunting-chapter-1/

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us

Browse this section

  • File Catalog updates stalled or slow or Image and Host level backups larger when using Windows Defender engine 1.1.18100.5
  • How to upgrade the appliance via Unitrends' media (Air Gap / Offline updates)
  • Release Notes for Recovery Series, Recovery Max, and Unitrends Backup 10.5.6
  • How can I find imaging media for an older release?
  • How can I find air gap update media for an older release?
  • Getting Started with Your Free Trial of Unitrends Backup
  • How can I find an older release of the Unitrends agent software?
  • 9002 - 9012 appliance disk replacement process
  • Release Notes for Recovery Series, Recovery Max, and Unitrends Backup 10.5.5
  • Backup Agent Firewall Rules
See more
Company
  • About us
  • Blog
  • Legal Notices
  • Privacy

Products
  • Unitrends Helix
  • Unitrends Cloud Backup
  • Unitrends Backup Software V2
  • Unitrends DRaaS
  • Unitrends Forever Cloud Storage
  • Unitrends Security Manager
  • Unitrends Compliance Manager
  • Recovery Series Backup Applicances
Helpdesk
  • My Support Account
  • Open a Ticket
  • Register

© Copyright © 2020 Unitrends