What is CVE-2014-3008?

CVE-2014-3008 is a vulnerability in Unitrends Enterprise_backup, classified under OS Command Injection. Published 2014-04-28.

Is CVE-2014-3008 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Unitrends Enterprise_backup

CVE-2014-3008

Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.219 (95.9th percentile) — read the EPSS interpretation.

Affected products

Unitrends Enterprise_backup — versions 7.3.0
N/a — versions n/a

Weakness classification (CWE)

CWE-78 — OS Command Injection

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

unitrends-snmpod-command-exec(92642) (vdb-entry, x_refsource_XF)
58001 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
cve@mitre.org (x_refsource_MISC)
66928 (Exploit, vdb-entry, x_refsource_BID)
20140415 Unitrends enterprise backup remote unauthenticated root (mailing-list, x_refsource_FULLDISC)
32885 (Exploit, exploit, x_refsource_EXPLOIT-DB)

Frequently asked questions

What is CVE-2014-3008?: CVE-2014-3008 is a vulnerability in Unitrends Enterprise_backup, classified under OS Command Injection. Published 2014-04-28.
Is CVE-2014-3008 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.