CVE-2018-6328 - OpenCVE

It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Kaseya	Unitrends Backup

Configuration 1 [-]

cpe:2.3:a:kaseya:unitrends_backup:*:*:*:*:*:*:*:*

References

Link	Resource
https://support.unitrends.com/UnitrendsBackup/s/article/000001150	Vendor Advisory
https://support.unitrends.com/UnitrendsBackup/s/article/000006002	Vendor Advisory
https://www.exploit-db.com/exploits/44297/	Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/45559/	Exploit Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-03-14T19:00:00

Updated: 2018-10-10T09:57:01

Reserved: 2018-01-26T00:00:00

Link: CVE-2018-6328

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-03-14T19:29:00.597

Modified: 2021-12-06T15:03:40.833

Link: CVE-2018-6328

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-03-14T00:00:00", "descriptions": [{"lang": "en", "value": "It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "45559", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/45559/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.unitrends.com/UnitrendsBackup/s/article/000006002"}, {"name": "44297", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/44297/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.unitrends.com/UnitrendsBackup/s/article/000001150"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-6328", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "45559", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/45559/"}, {"name": "https://support.unitrends.com/UnitrendsBackup/s/article/000006002", "refsource": "CONFIRM", "url": "https://support.unitrends.com/UnitrendsBackup/s/article/000006002"}, {"name": "44297", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44297/"}, {"name": "https://support.unitrends.com/UnitrendsBackup/s/article/000001150", "refsource": "CONFIRM", "url": "https://support.unitrends.com/UnitrendsBackup/s/article/000001150"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-6328", "datePublished": "2018-03-14T19:00:00", "dateReserved": "2018-01-26T00:00:00", "dateUpdated": "2018-10-10T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kaseya:unitrends_backup:*:*:*:*:*:*:*:*", "matchCriteriaId": "919167E0-45B2-4E37-92B9-681F73B80037", "versionEndExcluding": "10.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes."}, {"lang": "es", "value": "Se ha descubierto que en Unitrends Backup (UB), en versiones anteriores a la 10.1.0, la interfaz de usuario estaba expuesta a una omisi\u00f3n de autenticaci\u00f3n. Esto podr\u00eda permitir que un usuario no autenticado inyecte comandos arbitrarios en los par\u00e1metros /api/hosts mediante acentos graves (`)."}], "id": "CVE-2018-6328", "lastModified": "2021-12-06T15:03:40.833", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-14T19:29:00.597", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://support.unitrends.com/UnitrendsBackup/s/article/000001150"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://support.unitrends.com/UnitrendsBackup/s/article/000006002"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/44297/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/45559/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}