CVE-2018-6329

CRITICAL

Unitrends Backup < 10.1.10 - SQL Injection

Title source: rule

Description

It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, allowing a remote attacker to place a privilege escalation exploit on the target system and subsequently execute arbitrary commands.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocallinux

https://www.exploit-db.com/exploits/45913

View Code ZIP pw:eip

exploitdb WORKING POC

by Jared Arave · pythonremotelinux

https://www.exploit-db.com/exploits/44297

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Cale Smith, Benny Husted, Jared Arave, h00die · rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/ueb_bpserverd_privesc.rb

View Code ZIP pw:eip

References (4)

[Vendor Advisory] https://support.unitrends.com/UnitrendsBackup/s/article/000001150

[Vendor Advisory] https://support.unitrends.com/UnitrendsBackup/s/article/000006003

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/44297/

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/45913/

Scores

CVSS v3 9.8

EPSS 0.7899

EPSS Percentile 99.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

unitrends/backup < 10.1.10

Published Mar 14, 2018

Tracked Since Feb 18, 2026