Vulnerability CVE-2017-16673


Published: 2017-11-08   Modified: 2017-11-09

Description:
Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections. This allows an attacker to impersonate a Datto Backup Appliance to "pair" with the agent and issue requests to this agent, if the attacker can reach the agent on TCP port 25566 or 25568, and send unspecified "specific information" by which the agent identifies a network device that is "appearing to be a valid Datto."

See advisories in our WLB2 database:
Topic
Author
Date
High
Datto Windows Agent Remote Code Execution
Michael Brumlow,...
10.11.2017

Type:

CWE-200

(Information Exposure)

Vendor: Datto
Product: Backup agent 
Version: 1.0.6.0;

CVSS2 => (AV:A/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.9/10
2.9/10
5.5/10
Exploit range
Attack complexity
Authentication
Adjacent network
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
https://www.datto.com/partner-security-update-nov2017

Related CVE
CVE-2015-9256
Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information via access to device/VM restore mount points, because they do not have ACLs by default.
CVE-2015-9255
Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information about data, software versions, configuration, and virtual machines via a request to a Web Virtual Directory.
CVE-2015-9254
Datto ALTO and SIRIS devices have a default VNC password.
CVE-2015-2081
Datto ALTO and SIRIS devices allow Remote Code Execution via unauthenticated requests to PHP scripts.
CVE-2017-16674
Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command and a secondary non-whitelisted command. This affec...

Copyright 2019, cxsecurity.com

 

Back to Top