CVE-2018-6328

CRITICAL

Kaseya Unitrends Backup < 10.1 - Authentication Bypass

Title source: rule

Description

It was discovered that the Unitrends Backup (UB) user interface before version 10.1.0 was exposed to an authentication bypass, which could then allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes.

Exploits (3)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · linux
https://www.exploit-db.com/exploits/45559

exploitdb · WORKING POC
by Jared Arave · python · remote · linux
https://www.exploit-db.com/exploits/44297

metasploit · WORKING POC · EXCELLENT
by Cale Smith, Benny Husted, Jared Arave, h00die · ruby · poc · linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/ueb_api_rce.rb

Scores

CVSS v3 9.8
EPSS 0.7096
EPSS Percentile 98.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-287
Status published
Products (1)
kaseya/unitrends_backup < 10.1
Published Mar 14, 2018
Tracked Since Feb 18, 2026