CVE-2017-12477

Severity: critical
Published 2017-08-07 · Modified 2026-05-13
CVSS v3: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v2: 10.0
VIR risk: 9.8

Description

It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system.

Predictions

Exploit likelihood: 97%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://support.unitrends.com/UnitrendsBackup/s/article/000005755

Application impact

Vendor | Product | Versions | Fixed
kaseya | unitrends_backup | {"endExcluding":"10.0"} | 10.0

References

CWEs

CWE-287
