CVE-2021-40385

Privilege escalation in Kaseya Unitrends Backup Software before 10.5.5-2

CVE	CVE-2021-40385
Title	Privilege escalation in Kaseya Unitrends Backup Software before 10.5.5-2
Credits	Discovered by Wietse Boonstra (finder) Addional research by Frank Breedijk (analyst)
CVSS
References	https://csirt.divd.nl/DIVD-2021-00014/ ( related ) https://csirt.divd.nl/CVE-2021-40385 ( third-party-advisory )
Problem type(s)	CWE-269 Improper Privilege Management
Date published
Last modified	01 Sep 2021 18:55 UTC

Description

An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is a privilege escalation from read-only user to admin.

JSON version.

DIVD CSIRT

CVE-2021-40385

Privilege escalation in Kaseya Unitrends Backup Software before 10.5.5-2

Description