Vulnerability Details CVE-2018-6329
It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, allowing a remote attacker to place a privilege escalation exploit on the target system and subsequently execute arbitrary commands.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.795
EPSS Ranking 99.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- https://support.unitrends.com/UnitrendsBackup/s/article/000001150
- https://support.unitrends.com/UnitrendsBackup/s/article/000006003
- https://www.exploit-db.com/exploits/44297/
- https://www.exploit-db.com/exploits/45913/
- https://support.unitrends.com/UnitrendsBackup/s/article/000001150
- https://support.unitrends.com/UnitrendsBackup/s/article/000006003
- https://www.exploit-db.com/exploits/44297/
- https://www.exploit-db.com/exploits/45913/
Products affected by CVE-2018-6329
-
cpe:2.3:a:unitrends:backup:1.7.1h
-
cpe:2.3:a:unitrends:backup:10.0
-
cpe:2.3:a:unitrends:backup:10.1
-
cpe:2.3:a:unitrends:backup:10.1.1
-
cpe:2.3:a:unitrends:backup:2.1.0
-
cpe:2.3:a:unitrends:backup:4.2.2
-
cpe:2.3:a:unitrends:backup:6.0.0
-
cpe:2.3:a:unitrends:backup:6.3.0
-
cpe:2.3:a:unitrends:backup:7.4.0
-
cpe:2.3:a:unitrends:backup:9.0.0
-
cpe:2.3:a:unitrends:backup:9.1
-
cpe:2.3:a:unitrends:backup:9.2.0