CVE Vulnerability
CVE-2021-43037
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Unitrends Windows agent was vulnerable to DLL injection and binary planting due to insecure default permissions. This allowed privilege escalation from an unprivileged user to SYSTEM.
References
| Link | Resource |
|---|---|
| https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961 | Vendor Advisory |
| https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-1 | Exploit Third Party Advisory |
| https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-appliance-part-2 | Exploit Third Party Advisory |
Configurations
Configuration 1
|
Information
Published : 2021-12-06 04:15
Updated : 2022-11-28 09:40
NVD link : CVE-2021-43037
Mitre link : CVE-2021-43037
Products Affected
No products.
CWE