CVE-2017-12478: Unitrends api/storage authentication bypass RCE

CVE ID

CVE-2017-12478

DESCRIPTION

It was discovered that the Unitrends api/storage web interface has an issue in which one of its input parameters was not validated.   A remote attacker could use this issue to bypass authentication and execute arbitrary commands with root privilege on the target system.

 

RESOLUTION

Resolution: Upgrade to Unitrends release 10.0.0-2 or later

Unitrends reference UNIBP-13942
 

LINK TO ADVISORIES

NOTES

Discoverer(s)/Credits:  Benny Husted, Cale Smith, Jared Arave
 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us