Vulnerability Details CVE-2017-7283
An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the downloadFiles function in api/includes/restore.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.166
EPSS Ranking 94.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
- https://rhinosecuritylabs.com/research/remote-code-execution-bug-hunting-chapter-2/
- https://support.unitrends.com/UnitrendsBackup/s/article/ka640000000CcWBAA0/000005557?r=1
- https://rhinosecuritylabs.com/research/remote-code-execution-bug-hunting-chapter-2/
- https://support.unitrends.com/UnitrendsBackup/s/article/ka640000000CcWBAA0/000005557?r=1
Products affected by CVE-2017-7283
-
cpe:2.3:a:unitrends:enterprise_backup:7.3.0
-
cpe:2.3:a:unitrends:enterprise_backup:8.2.0-8
-
cpe:2.3:a:unitrends:enterprise_backup:9.1
-
cpe:2.3:a:unitrends:enterprise_backup:9.1.1