CVE-2017-12478

Related Files

Unitrends UEB HTTP API Remote Code Execution

Posted Oct 5, 2018

Authored by h00die, Benny Husted, Cale Smith, Jared Arave | Site metasploit.com

It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system. UEB v9 runs the api under root privileges and api/storage is vulnerable. UEB v10 runs the api under limited privileges and api/hosts is vulnerable.

tags | exploit, remote, web, arbitrary, root

advisories | CVE-2017-12478, CVE-2018-6328

SHA-256 | 26c3d9da1b69eb5067bf4415e099c1d16549287987fd59097875111bb16caf69

Download | Favorite | View

Unitrends UEB 9 HTTP API/Storage Remote Root

Posted Oct 21, 2017

Authored by Benny Husted, Cale Smith, Jared Arave | Site metasploit.com

It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system.

tags | exploit, remote, web, arbitrary, root

advisories | CVE-2017-12478

SHA-256 | c07f8ac2534501db5e1a2107a31c98fc3673f2ae2e3ea7c80d835f8d110dc418

Download | Favorite | View

Unitrends UEB 9.1 Authentication Bypass / Remote Command Execution

Posted Oct 4, 2017

Authored by Benny Husted, Cale Smith, Jared Arave

Unitrends UEB version 9.1 suffers from authentication bypass and remote command execution vulnerabilities.

tags | exploit, remote, vulnerability, bypass

advisories | CVE-2017-12478

SHA-256 | dc78b0fa80eae08212c73ef783d41166b3faa9276eaa480864465d043a22739a

Download | Favorite | View