cvedb.io
CVE-2017-12479
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2017-08-07T15:29:00.267 · Last modified 2026-06-17T01:03:22.600

Summary

It was discovered that an issue in the session logic in Unitrends Backup (UB) before 10.0.0 allowed using the LOGDIR environment variable during a web session to elevate an existing low-privilege user to root privileges. A remote attacker with existing low-privilege credentials could then execute arbitrary commands with root privileges.

Affected products

kaseya — unitrends_backup

Does this affect you?

Add your gear to cvedb and we'll alert you only when kaseya ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.