CVE-2021-43043 in Unitrends Backup Applianceinfo

Summary

by MITRE • 12/06/2021

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /etc/shadow by abusing an insecure Sudo rule.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 12/09/2021

The vulnerability identified as CVE-2021-43043 represents a critical privilege escalation flaw within the Kaseya Unitrends Backup Appliance software ecosystem. This issue affects versions prior to 10.5.5 and stems from an insecure sudo rule configuration that allows the apache user account to execute arbitrary file reads. The flaw demonstrates a classic misconfiguration problem where administrative privileges have been granted more broadly than necessary, creating an attack surface that adversaries can exploit to gain unauthorized access to sensitive system information.

The technical implementation of this vulnerability involves the manipulation of sudo permissions within the appliance's security framework. When the apache user attempts to access system files through the vulnerable sudo rule, the system fails to properly validate or restrict the file paths being accessed. This creates a path traversal condition that enables the attacker to read files that should normally be restricted, including the critical /etc/shadow file which contains hashed passwords for system users. The vulnerability operates at the privilege escalation layer where a low-privilege user can leverage existing system permissions to access restricted resources.

From an operational impact perspective, this vulnerability poses significant risks to organizations relying on Kaseya Unitrends Backup Appliance for their data protection infrastructure. The ability to read /etc/shadow directly compromises the authentication security model of the entire system, potentially enabling attackers to extract password hashes and perform offline password cracking attacks. This breach of privilege escalation can lead to complete system compromise, as successful exploitation allows attackers to escalate their access level and potentially gain administrative control over the backup appliance. The vulnerability affects the confidentiality and integrity of the system, as sensitive authentication data becomes accessible to unauthorized parties.

The security implications extend beyond simple file access, as this vulnerability aligns with multiple attack patterns documented in the MITRE ATT&CK framework, particularly in the privilege escalation and credential access domains. Organizations using this appliance face risks of data exfiltration, system takeover, and potential lateral movement within their network infrastructure. The vulnerability demonstrates poor least privilege principles in system configuration, which is categorized under CWE-276, specifically insecure permissions for critical system resources. Remediation efforts should focus on implementing proper sudo rule restrictions, ensuring that the apache user has minimal necessary permissions and that all file access operations are properly validated and restricted. The affected versions should be immediately updated to 10.5.5 or later, which includes patches addressing the insecure sudo configuration and proper privilege restrictions.

Organizations should also conduct comprehensive security audits of their sudo configurations across all systems, implementing regular permission reviews and monitoring for unauthorized access patterns. The vulnerability serves as a reminder of the critical importance of proper privilege management and the potential consequences of overly permissive system configurations in enterprise backup and recovery environments.

Reservation

10/26/2021

Disclosure

12/06/2021

Moderation

accepted

CPE

ready

EPSS

0.01414

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!