CVE-2019-15720

CloudBerry Backup v6.1.2.34 allows local privilege escalation via a Pre or Post backup action. With only user-level access, a user can modify the backup plan and add a Pre backup action script that executes on behalf of NT AUTHORITY\SYSTEM.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
VendorProductVersion
cloudberrylabbackup
𝑥
≤ 6.1.2.34
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.sevenlayers.com/index.php/243-cloudberry-backup-local-privilege-escalation
https://www.sevenlayers.com/index.php/243-cloudberry-backup-local-privilege-escalation