An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Multiple functions in the bpserverd daemon were vulnerable to arbitrary remote code execution as root. The vulnerability was caused by untrusted input (received by the server) being passed to system calls.
References
Link | Resource |
---|---|
https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961 | Vendor Advisory |
https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1 | Exploit Third Party Advisory |
https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-12-06T00:00:00
Updated: 2022-11-23T00:00:00
Reserved: 2021-10-26T00:00:00
Link: CVE-2021-43033
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-12-06T04:15:07.093
Modified: 2023-08-08T14:22:24.967
Link: CVE-2021-43033
JSON object: View
Redhat Information
No data.
CWE