CVE ID
CVE-2018-6329
DESCRIPTION
It was discovered that in Unitrends Backup (UB) before 10.1.0, the libbpext.so authentication could be bypassed with an SQL injection, allowing a remote attacker to place a privilege escalation exploit on the target system and subsequently execute arbitrary commands.
RESOLUTION
Upgrade to Unitrends release 10.1.0 or later.
How to enable the release 10.1 upgrade
LINK TO ADVISORIES
- https://nvd.nist.gov/vuln/detail/CVE-2018-6329
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6329
NOTES
See UNIBP-16736
[Discoverer] Benny Husted, Cale Smith, Jared Arave