CVE-2014-3008
critical
CVSS v3: —
CVSS v2: 10.0
VIR risk: 10.0
Description
Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php.
Predictions
Exploit likelihood: 20%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — http://secunia.com/advisories/58001
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| unitrends | enterprise_backup | 7.3.0 | |
References
- http://seclists.org/fulldisclosure/2014/Apr/204
- http://secunia.com/advisories/58001
- http://www.exploit-db.com/exploits/32885
- http://www.securityfocus.com/bid/66928
- https://exchange.xforce.ibmcloud.com/vulnerabilities/92642
- https://gist.github.com/brandonprry/10745756
CWEs
CWE-78