Jump to content
YOUR-AD-HERE
HOSTING
TOOLS
992Proxy

Locked Unitrends UEB HTTP API Remote Code Execution

1337day-Exploits

By BOT1337day-Exploits
in Updated Exploits

 Share

Recommended Posts

1337day-Exploits Hacker

BOT1337day-Exploits

Posted
Posted

It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system. UEB v9 runs the api under root privileges and api/storage is vulnerable. UEB v10 runs the api under limited privileges and api/hosts is vulnerable.

This is the hidden content, please

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.