CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-7279

An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the "token" cookie issued at login.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.045

EPSS Ranking 88.6%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

References

https://rhinosecuritylabs.com/research/remote-code-execution-bug-hunting-chapter-1/
https://rhinosecuritylabs.com/research/remote-code-execution-bug-hunting-chapter-1/

Products affected by CVE-2017-7279

Unitrends » Enterprise Backup » Version: 7.3.0

cpe:2.3:a:unitrends:enterprise_backup:7.3.0
Unitrends » Enterprise Backup » Version: 8.2.0-8

cpe:2.3:a:unitrends:enterprise_backup:8.2.0-8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-7279

Products

Pricing

Contact Us