CVE-2017-12477: Unitrends bpserverd authentication bypass RCE

CVE ID

CVE-2017-12477

DESCRIPTION

The Unitrends bpserverd proprietary protocol, as exposed via xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privileges on the target system.

Complexity: High

RESOLUTION

Resolution: Upgrade to Unitrends release 10.0.0-2 or later

Unitrends reference UNIBP-13942

LINK TO ADVISORIES

NOTES

Discoverer(s)/Credits: Benny Husted, Cale Smith, Jared Arave
