CVE-2018-6329 Unitrends: sqli authentication bypass RCE

CVE ID

CVE-2018-6329

DESCRIPTION

It was discovered that the Unitrends Backup (UB) before 10.1.0 the libbpext.so authentication could be bypassed with an SQL injection, allowing a remote attacker to place a privilege escalation exploit on the target system and subsequently execute arbitrary commands.

RESOLUTION

Resolution is to upgrade to Unitrends release 10.1.0 or later.

How to enable the release 10.1 upgrade
 

LINK TO ADVISORIES

NOTES

See UNIBP-16736

[Discoverer] Benny Husted, Cale Smith, Jared Arave
 

Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section