CVE-2017-12477

CRITICAL

Unitrends UEB bpserverd authentication bypass RCE

Title source: metasploit

Exploitation Summary

EIP tracks 3 public exploits for CVE-2017-12477. PoCs published by Metasploit, Jared Arave, Jared Arave, Cale Smith, Benny Husted, including Metasploit module exploits/linux/misc/ueb9_bpserverd.

AI-analyzed exploit summary This Metasploit module exploits an authentication bypass vulnerability in Unitrends UEB bpserverd, allowing remote command execution with root privileges via a proprietary protocol exposed through xinetd.

Description

It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotelinux_x86

https://www.exploit-db.com/exploits/43031

View Code ZIP pw:eip

This Metasploit module exploits an authentication bypass vulnerability in Unitrends UEB bpserverd, allowing remote command execution with root privileges via a proprietary protocol exposed through xinetd.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Unitrends UEB 9.*

No auth needed

Prerequisites: Network access to the target system on port 1743 · Unitrends UEB 9.* running with vulnerable bpserverd service

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Jared Arave · pythonremotelinux

https://www.exploit-db.com/exploits/42957

View Code ZIP pw:eip

This exploit leverages an unauthenticated remote code execution vulnerability in Unitrends UEB 9.1 by interacting with the xinetd service on port 1743 and a dynamically assigned port to execute arbitrary commands as root.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Unitrends UEB 9.1.0-2.201611302120.CentOS6

No auth needed

Prerequisites: Network access to the target's xinetd service (default port 1743) · Unitrends UEB 9.1 running on the target

MITRE ATT&CK

T1189 - Drive-by Compromise T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by Jared Arave, Cale Smith, Benny Husted · rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/ueb9_bpserverd.rb

View Code ZIP pw:eip

This Metasploit module exploits an authentication bypass vulnerability in Unitrends UEB bpserverd, allowing remote command execution with root privileges. It leverages a proprietary protocol exposed via xinetd to send a crafted payload.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Unitrends UEB 9.*

No auth needed

Prerequisites: Network access to the target system · xinetd service exposed on port 1743

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://support.unitrends.com/UnitrendsBackup/s/article/000005755

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/43031/

Scores

CVSS v3 9.8

EPSS 0.6822

EPSS Percentile 99.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-287

Status published

Products (1)

kaseya/unitrends_backup < 10.0

Published Aug 07, 2017

Tracked Since Feb 18, 2026