CVE-2017-12479

HIGH

Unitrends Backup <10.0.0 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-12479. PoCs published by Jared Arave.

AI-analyzed exploit summary This exploit leverages session token manipulation in Unitrends UEB 9.1 to achieve authenticated remote code execution by injecting a PHP shell into the webroot via log file manipulation.

Description

It was discovered that an issue in the session logic in Unitrends Backup (UB) before 10.0.0 allowed using the LOGDIR environment variable during a web session to elevate an existing low-privilege user to root privileges. A remote attacker with existing low-privilege credentials could then execute arbitrary commands with root privileges.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jared Arave · pythonwebappsphp

https://www.exploit-db.com/exploits/42959

View Code ZIP pw:eip

This exploit leverages session token manipulation in Unitrends UEB 9.1 to achieve authenticated remote code execution by injecting a PHP shell into the webroot via log file manipulation.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Unitrends UEB 9.1

Auth required

Prerequisites: Valid low-privilege credentials · Network access to the target · Unitrends UEB 9.1 with vulnerable session handling

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://support.unitrends.com/UnitrendsBackup/s/article/000005757

Scores

CVSS v3 8.8

EPSS 0.1181

EPSS Percentile 95.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (1)

kaseya/unitrends_backup < 9.1

Published Aug 07, 2017

Tracked Since Feb 18, 2026