
CVE-2017-7283: Unitrends RCE in restore.php filenames

CVE ID

CVE-2017-7283

DESCRIPTION

A remote code execution (RCE) issue in api/includes/restore.php allowed commands to be injected when filenames were specified manually.

RESOLUTION

Unitrends Risk Assessment: None
Resolved in the latest security update as of 04/14/2017.

LINK TO ADVISORIES

  • https://rhinosecuritylabs.com/research/remote-code-execution-bug-hunting-chapter-1/
