CVE-2017-16673
Last modified
CVE-2017-16673 is a vulnerability of currently unknown severity. Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections. This allows an attacker to impersonate a Datto Backup Appliance to "pair" with the agent and issue requests to this agent, if the attacker can reach the agent on TCP port 25566 or 25568, and send unspecified "specific information" by which the agent identifies a network device that is "appearing to be a valid Datto.". EPSS estimates a 0.44% chance of exploitation in the next 30 days.
Description
Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections. This allows an attacker to impersonate a Datto Backup Appliance to "pair" with the agent and issue requests to this agent, if the attacker can reach the agent on TCP port 25566 or 25568, and send unspecified "specific information" by which the agent identifies a network device that is "appearing to be a valid Datto."
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Datto | Backup Agent | <= 1.0.6.0 |
References
- https://www.datto.com/partner-security-update-nov2017Mitigation, Patch, Vendor Advisory
- https://www.datto.com/partner-security-update-nov2017Mitigation, Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-16673?
How severe is CVE-2017-16673?
How do I fix CVE-2017-16673?
Are you affected by CVE-2017-16673?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST