CVE-2014-3139: snmpd.php bypass authentication

Unitrends
Backup
General

SUMMARY

To fix vulnerability in Unitrends snmpd.php allowing an authentication exploit

CVE ID

CVE-2014-3139

DESCRIPTION

recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 allows remote attackers to bypass authentication by setting the auth parameter to a certain string.

RESOLUTION

Resolved in the latest Unitrends security update.

LINK TO ADVISORIES

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3139 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3139 http://www.cvedetails.com/cve/CVE-2014-3139/

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Contact us

Browse this section

How to upgrade the appliance via Unitrends' media (Air Gap / Offline updates)
Backup Agent Firewall Rules
Release Notes for Recovery Series, Recovery Max, and Unitrends Backup 10.5.4
Release Notes for Recovery Series, Recovery Max, and Unitrends Backup 10.5.3
How to disable an unused network interface to prevent conflict or accidental routing.
Release Notes for Recovery Series, Recovery Max, and Unitrends Backup 10.5.2
CBTDriverError:uvbCbtSnapshotCreationStarted <CBT_CTL_DUPLICATE_SNAPSHOT_CREATE>
Release Notes for Recovery Series, Recovery Max, and Unitrends Backup 10.5.1
Release Notes for Recovery Series, Recovery Max, and Unitrends Backup 10.5
UnitrendsMSP: Remove appliance