Unitrends Enterprise Backup Privilege Escalation in Token Cookie

Vulnerability Details

CVSS Rating: 9.8 (critical)

CVE-2017-7279

Disclosing Company: Rhino Security Labs

Date: 04/12/2017

Status: Published

Affected software/version:
Unitrends Enterprise Backup Web Server < 9.0.0

Disclosure

Rhino Security Labs References

Blog Post: "Unitrends Vulnerability Hunting: Remote Code Execution"

Unitrends: "Unitrends user privilege escalation"

GitHub: CVE-2017-7279 Privilege Escalation Exploit

MITRE

NIST

Disclosure Date

04/12/2017

Vulnerability Description

An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the "token" cookie issued at login.

Related Disclosures

Unitrends Enterprise Backup Remote Code Execution in restore.php File
[CVE-2017-7283]

Unitrends Enterprise Backup Remote Code Execution in reports.php File
[CVE-2017-7281]

Unitrends Enterprise Backup Remote Code Execution in systems.php File
[CVE-2017-7280]

Unitrends Enterprise Backup Privilege Escalation in users.php File
[CVE-2017-7284]

Unitrends Enterprise Backup Local File Inclusion
[CVE-2017-7282]

CVSS Metrics

CVSS Rating (version 3.0)

9.8 (Critical)

Impact Score

Exploitability Score

5.9

3.9

Attack Vector

Network

Attack Complexity (AC)Low Privileges Required (PR)None User Interaction (UI)None Scope (S)Unchanged

Confidentiality (C)High Integrity (I)High Availability (A)High

Unitrends Enterprise Backup Privilege Escalation in Token Cookie[CVE-2017-7279]