Unitrends Security Advisory - Connect IT Community | Kaseya
<main> <article class="userContent"> <table border="1.5"><tbody><tr><th><strong><span data-contrast="none">Security Advisory</span></strong></th> <td> As security threats continue to evolve, m<span data-contrast="none">ultiple vulnerabilities were </span>recently <span data-contrast="none">reported to Unitrends </span>and Kaseya <span data-contrast="none">within the Unitrends Recovery Series and Unitrends Agent Software. Unitrends</span> and Kaseya<span data-contrast="none"> </span>gave high priority to these reports, as the company does with any report of a potential security issue, and <span data-contrast="none">have addressed the following vulnerabilities with the 10.5.5 software release.</span><span data-ccp-props="{}"> </span> </td> </tr><tr><th> <strong><span data-contrast="none">Affected Software Versions</span></strong><span data-ccp-props="{}"> </span> </th> <td> <span data-contrast="none">10.0.x-10.5.4</span><span data-ccp-props="{}"> </span> </td> </tr><tr><th> <strong><span data-contrast="none">Mitigations</span></strong><span data-ccp-props="{}"> </span> </th> <td> <span data-contrast="none">Users should </span>take immediate action to <span data-contrast="none">update </span><span data-contrast="none">the Unitrends software and all agents to the latest release.</span><span data-ccp-props="{}"> </span> </td> </tr><tr><th> <strong><span data-contrast="none">Acknowledgments</span></strong><span data-ccp-props="{}"> </span> </th> <td> <span data-contrast="none">Unitrends recognizes the</span> valuable<span data-contrast="none"> efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure. 
Unitrends would like to thank </span><a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fwww.cyberonesecurity.com%2Fteamares%2F" rel="noopener nofollow">CyberOne</a> and <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fwww.divd.nl%2F" rel="noopener nofollow">DIVD</a><span data-contrast="none"> for disclosing these vulnerabilities.</span><span data-ccp-props="{}"> </span> </td> </tr></tbody></table><p> </p> <table border="1"><thead><tr><th><strong>Ref.</strong></th> <th><strong>CVE#</strong></th> <th><strong>Title</strong></th> <th><strong>Description</strong></th> <th><strong>CVSS</strong></th> </tr></thead><tbody><tr><td>1</td> <td><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2021-43035">CVE-2021-43035</a></td> <td> <span lang="EN-CA" data-contrast="none" xml:lang="EN-CA">Unauthenticated SQL Injection</span><span data-ccp-props="{}"> </span> </td> <td> <span lang="EN-CA" data-contrast="none" xml:lang="EN-CA">An issue was discovered in </span>Kaseya Unitrends Backup Appliance before 10.5.5. Two unauthenticated SQL injection vulnerabilities were discovered, allowing arbitrary SQL queries to be injected and executed under the postgres superuser account. Remote code execution was possible, leading to full access to the postgres user account.<span data-ccp-props="{}"> </span> </td> <td> <p>9.8 (Critical)</p> </td> </tr><tr><td>2</td> <td><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2021-43033">CVE-2021-43033</a></td> <td> <span lang="EN-CA" data-contrast="none" xml:lang="EN-CA">Unauthenticated Remote Code Execution – </span>bpserverd<span data-ccp-props="{}"> </span> </td> <td> <span lang="EN-CA" data-contrast="none" xml:lang="EN-CA">An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. 
Multiple functions in the Unitrends Backup Appliance </span>bpserverd daemon were vulnerable to remote code execution, resulting in arbitrary code execution as root. The vulnerability was caused by untrusted input (received by the server) being passed to system calls.<span data-ccp-props="{}"> </span> </td> <td>9.8 (Critical)</td> </tr><tr><td>3</td> <td><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2021-43036">CVE-2021-43036</a></td> <td> <span lang="EN-CA" data-contrast="none" xml:lang="EN-CA">Weak PostgreSQL Account </span>wguest <span data-ccp-props="{}"> </span> </td> <td> <span lang="EN-US" data-contrast="none" xml:lang="EN-US">An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The password for the PostgreSQL </span>wguest account is weak. <span data-ccp-props="{}"> </span> </td> <td>7.8 (High)</td> </tr><tr><td>4</td> <td><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2021-43038">CVE-2021-43038</a></td> <td> <span lang="EN-CA" data-contrast="none" xml:lang="EN-CA">PostgreSQL Trigger Command Injection</span><span data-ccp-props="{}"> </span> </td> <td> <span lang="EN-CA" data-contrast="none" xml:lang="EN-CA">An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The </span>wguest account could execute commands by injecting into PostgreSQL trigger functions. 
This allowed privilege escalation from the wguest user to the postgres user.<span data-ccp-props="{}"> </span> </td> <td>7.8 (High)</td> </tr><tr><td>5</td> <td><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2021-43037">CVE-2021-43037</a></td> <td> <span lang="EN-CA" data-contrast="none" xml:lang="EN-CA">DLL Hijacking</span><span data-ccp-props="{}"> </span> </td> <td> <p><span data-contrast="none">An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5.</span><span data-ccp-props="{}"> </span></p> <p><span data-contrast="none">The Unitrends Windows agent was vulnerable to DLL injection and binary planting due to insecure default permissions. This allowed privilege escalation from an unprivileged user to SYSTEM.</span><span data-ccp-props="{}"> </span></p> </td> <td>7.8 (High)</td> </tr><tr><td>6</td> <td><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2021-43040">CVE-2021-43040</a></td> <td> <span lang="EN-CA" data-contrast="none" xml:lang="EN-CA">Privilege Escalation – Arbitrary File Create - </span>vaultServer<span data-ccp-props="{}"> </span> </td> <td> <span lang="EN-CA" data-contrast="none" xml:lang="EN-CA">An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. 
The privileged </span>vaultServer could be leveraged to create arbitrary writable files, leading to privilege escalation.<span data-ccp-props="{}"> </span> </td> <td>7.8 (High)</td> </tr><tr><td>7</td> <td><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2021-43034">CVE-2021-43034</a></td> <td> <span lang="EN-CA" data-contrast="none" xml:lang="EN-CA">Privilege Escalation to Apache</span><span data-ccp-props="{}"> </span> </td> <td> <span lang="EN-CA" data-contrast="none" xml:lang="EN-CA">An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world writable file allowed local users to execute arbitrary code as the user apache, leading to privilege escalation.</span><span data-ccp-props="{}"> </span> </td> <td>7.8 (High)</td> </tr><tr><td>8</td> <td><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2021-43039">CVE-2021-43039</a></td> <td> <span lang="EN-CA" data-contrast="none" xml:lang="EN-CA">SMB Null Sessions Allowed with Read/Write</span><span data-ccp-props="{}"> </span> </td> <td> <span lang="EN-CA" data-contrast="none" xml:lang="EN-CA">An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Samba file sharing service allowed anonymous read/write access.</span><span data-ccp-props="{}"> </span> </td> <td>6.5 (Medium)</td> </tr><tr><td>9</td> <td><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2021-43042">CVE-2021-43042</a></td> <td> <span lang="EN-CA" data-contrast="none" xml:lang="EN-CA">Buffer Overflow in </span>vaultServer<span data-ccp-props="{}"> </span> </td> <td> <span lang="EN-CA" data-contrast="none" xml:lang="EN-CA">An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A buffer overflow existed in the </span>vaultServer. 
This was exploitable by a remote unauthenticated attacker.<span data-ccp-props="{}"> </span> </td> <td>8.6 (High)</td> </tr><tr><td>10</td> <td><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2021-43041">CVE-2021-43041</a></td> <td> <span lang="EN-CA" data-contrast="none" xml:lang="EN-CA">Format String Vulnerability </span>vaultServer<span data-ccp-props="{}"> </span> </td> <td> <span lang="EN-CA" data-contrast="none" xml:lang="EN-CA">An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A crafted HTTP request could induce a format string vulnerability in the privileged </span>vaultServer application.<span data-ccp-props="{}"> </span> </td> <td>6.5 (Medium)</td> </tr><tr><td>11</td> <td><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2021-43043">CVE-2021-43043</a></td> <td> <span lang="EN-CA" data-contrast="none" xml:lang="EN-CA">Insecure </span>Sudo Rule - Apache<span data-ccp-props="{}"> </span> </td> <td> <span lang="EN-CA" data-contrast="none" xml:lang="EN-CA">An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /</span>etc/shadow by abusing an insecure sudo rule.<span data-ccp-props="{}"> </span> </td> <td>7.2 (High)</td> </tr><tr><td>12</td> <td><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2021-43044">CVE-2021-43044</a></td> <td> <span lang="EN-CA" data-contrast="none" xml:lang="EN-CA">Weak SNMP Community String</span><span data-ccp-props="{}"> </span> </td> <td> <span lang="EN-CA" data-contrast="none" xml:lang="EN-CA">An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. 
The SNMP daemon is configured with a weak default community.</span><span data-ccp-props="{}"> </span> </td> <td>6.5 (Medium)</td> </tr></tbody></table> </article> </main>