CVE-2017-7279

EPSS 4.46%
Veröffentlicht 12.04.2017 22:59:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the "token" cookie issued at login.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Unitrends ≫ Enterprise Backup Version <= 8.2.0-8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.46%	0.886

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-565 Reliance on Cookies without Validation and Integrity Checking

The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.

https://rhinosecuritylabs.com/research/remote-code-execution-bug-hunting-chapter-1/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-7279

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-7279

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-7279

EUVD