It was discovered that the Unitrends bpserverd proprietary protocol, as exposed via xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system. This is very similar to exploits/linux/misc/ueb9_bpserverd however it runs against the localhost by dropping a python script on the local file system. Unitrends stopped bpserverd from listening remotely on version 10.
78074b1701e40ea4ef9e046d50ffaa646aa27cf4177d6b17c6371f5f32a674b7It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system. UEB v9 runs the api under root privileges and api/storage is vulnerable. UEB v10 runs the api under limited privileges and api/hosts is vulnerable.
26c3d9da1b69eb5067bf4415e099c1d16549287987fd59097875111bb16caf69This Metasploit module exploits a few different vulnerabilities in Nagios XI 5.2.6-5.4.12 to gain remote root access. The steps are: 1. Issue a POST request to /nagiosql/admin/settings.php which sets the database user to root. 2. SQLi on /nagiosql/admin/helpedit.php allows us to enumerate API keys. 3. The API keys are then used to add an administrative user. 4. An authenticated session is established with the newly added user 5. Command Injection on /nagiosxi/backend/index.php allows us to execute the payload with nopasswd sudo, giving us a root shell. 6. Remove the added admin user and reset the database user.
80bee7aa780edc43040bd1dd427fbdb84bcd1f35f74873b32d619a620e07f20cNagios XI versions 5.2.6 up to 5.2.9, 5.3, and 5.4 chained remote root exploit.
bb9a9ca26635c2779d5e4662eab43b6b113e781b49058727e94049827cb3f59aIt was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system.
c07f8ac2534501db5e1a2107a31c98fc3673f2ae2e3ea7c80d835f8d110dc418It was discovered that the Unitrends bpserverd proprietary protocol, as exposed via xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system.
105d0c7def915f528b4d6cbefeecd7e3bcaf3c9c59297fc9da4d9ce27c8a4197Unitrends UEB version 9.1 bpserverd remote command execution exploit.
82f1bd41a9b91ff7fcf43dabc0f2e01ae63a3f65d7f2de5cd8bcbb8efd53673bUnitrends UEB version 9.1 suffers from authentication bypass and remote command execution vulnerabilities.
dc78b0fa80eae08212c73ef783d41166b3faa9276eaa480864465d043a22739aUnitrends UEB version 9.1 suffers from a privilege escalation vulnerability.
5e34110454ce1173b51f2831389e35dc0b6b2e68f613b44d1cccff58bd1e3048
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed