It was discovered that in Unitrends Backup (UB) before 10.1.0, the libbpext.so authentication could be bypassed with an SQL injection, allowing a remote attacker to place a privilege escalation exploit on the target system and subsequently execute arbitrary commands.
The resolution is to upgrade to Unitrends release 10.1.0 or later.
How to enable the release 10.1 upgrade
LINK TO ADVISORIES
- https://nvd.nist.gov/vuln/detail/CVE-2018-6329
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6329
[Discoverer] Benny Husted, Cale Smith, Jared Arave