What is CVE-2018-6328?

CVE-2018-6328 is a vulnerability in N/a. Published 2018-03-14.

Is CVE-2018-6328 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-6328

It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquo…

EPSS: 0.710 (98.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

45559 (exploit, x_refsource_EXPLOIT-DB)
support.unitrends.com/UnitrendsBackup/s/article/000006002 (x_refsource_CONFIRM)
44297 (exploit, x_refsource_EXPLOIT-DB)
support.unitrends.com/UnitrendsBackup/s/article/000001150 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2018-6328?: CVE-2018-6328 is a vulnerability in N/a. Published 2018-03-14.
Is CVE-2018-6328 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.