CVE-2017-12479

Name: CVE-2017-12479
Creator: NVD / NIST
Published: 2017-08-07T15:29:00.267+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 11.81%

Last modified Jun 17, 2026

CVE-2017-12479 is a vulnerability of currently unknown severity. It was discovered that an issue in the session logic in Unitrends Backup (UB) before 10.0.0 allowed using the LOGDIR environment variable during a web session to elevate an existing low-privilege user to root privileges. A remote attacker with existing low-privilege credentials could then execute arbitrary commands with root privileges.. EPSS estimates a 11.81% chance of exploitation in the next 30 days.

Description

It was discovered that an issue in the session logic in Unitrends Backup (UB) before 10.0.0 allowed using the LOGDIR environment variable during a web session to elevate an existing low-privilege user to root privileges. A remote attacker with existing low-privilege credentials could then execute arbitrary commands with root privileges.

Metrics

EPSS Probability

11.81%

95.6th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Kaseya	Unitrends Backup	<= 9.1

References

https://support.unitrends.com/UnitrendsBackup/s/article/000005757Vendor Advisory
https://support.unitrends.com/UnitrendsBackup/s/article/000005757Vendor Advisory

Timeline

Published: Aug 7, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-12479?

How severe is CVE-2017-12479?

Severity scoring for CVE-2017-12479 is pending analysis. The EPSS model estimates a 11.81% probability of exploitation in the next 30 days.

How do I fix CVE-2017-12479?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-12479?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST