It was discovered that the Unitrends bpserverd proprietary protocol, as exposed via xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system.
Resolution: Upgrade to Unitrends release 10.0.0-2 or later
Unitrends reference UNIBP-13942
LINK TO ADVISORIES
Discoverer(s)/Credits: Benny Husted, Cale Smith, Jared Arave