CVE-2017-16673 Information
Share on:
Feb 14, 2021
cve
Description
Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections. This allows an attacker to impersonate a Datto Backup Appliance to \pair\ with the agent and issue requests to this agent if the attacker can reach the agent on TCP port 25566 or 25568 and send unspecified \specific information\ by which the agent identifies a network device that is \appearing to be a valid Datto.\
CVSS Vector
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Reference
https://www.datto.com/partner-security-update-nov2017
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
NONE
Base Severity
5.3