Enter Software Iperius Backup Temporary File Vulnerability in Backup Service

Vulnerability

A vulnerability exists in Enter Software Iperius Backup versions through 8.7.3, specifically within the Backup Service component. The issue arises from an unknown function that allows low-privileged local users to manipulate backup job configuration files. This manipulation creates temporary files with insecure permissions, enabling the execution of arbitrary backup jobs with elevated privileges. As a result, unauthorized access to sensitive files of other local and domain users is possible, leading to significant information disclosure.

Impact

Exploitation of this vulnerability allows low-privileged users to execute backup jobs under the NT AUTHORITY\SYSTEM account, bypassing User Account Control (UAC) restrictions. This could be used to access and exfiltrate files from other users, including those with administrative privileges.

Reproduction

The vulnerability can be reproduced by copying and renaming an existing backup job configuration file in the Iperius Backup Jobs directory. After modifying the duplicated file to change the job name and destination path, the Iperius Backup application can be restarted to load the new job. Once the job is executed using the 'Run Backup as Service (LocalSystem / admin)' option, any specified files from the destination path will be accessible, including those belonging to users with higher privileges.
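The reproduction above depends on a low-privileged user being able to create files in the Jobs directory. The following PowerShell audit is an added example, not vendor or advisory code: it reports write-capable access entries for broad user groups and job files with an unexpected owner. The `$JobsDir` value is a placeholder because the advisory does not give the directory path, and the trusted-owner list is an assumption about a locked-down install.

```powershell
# Added example: audit a backup-jobs directory for the precondition described above.
param(
    # Placeholder: the advisory does not state where the Jobs directory lives.
    [Parameter(Mandatory)] [string] $JobsDir
)

# Well-known SIDs of broad, low-privileged groups.
$lowPrivSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}
# Assumption: job files should be owned by SYSTEM or BUILTIN\Administrators.
$trustedOwners = 'S-1-5-18', 'S-1-5-32-544'

# Rights that let a principal create or alter files in the directory.
$R = [System.Security.AccessControl.FileSystemRights]
$writeMask = [int]($R::WriteData -bor $R::AppendData)
$genericMask = 0x40000000 -bor 0x10000000   # GENERIC_WRITE | GENERIC_ALL
$sidType = [System.Security.Principal.SecurityIdentifier]

# 1. Allow entries (explicit and inherited) granting write access to those groups.
(Get-Acl -LiteralPath $JobsDir).GetAccessRules($true, $true, $sidType) |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $lowPrivSids.ContainsKey($_.IdentityReference.Value) -and
        ([int]$_.FileSystemRights -band ($writeMask -bor $genericMask))
    } |
    ForEach-Object {
        [pscustomobject]@{
            Finding   = 'LowPrivWriteAce'
            Principal = $lowPrivSids[$_.IdentityReference.Value]
            Rights    = $_.FileSystemRights
            Inherited = $_.IsInherited
        }
    }

# 2. Job files whose owner is not in the trusted list (review, not proof of abuse).
Get-ChildItem -LiteralPath $JobsDir -File | ForEach-Object {
    $owner = (Get-Acl -LiteralPath $_.FullName).GetOwner($sidType).Value
    if ($owner -notin $trustedOwners) {
        [pscustomobject]@{
            Finding = 'UnexpectedOwner'; File = $_.Name
            OwnerSid = $owner; CreatedUtc = $_.CreationTimeUtc
        }
    }
}
```

An `UnexpectedOwner` result can also come from an administrator who created a job without elevation, so treat it as a prompt to inspect the file's job name and destination path.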

Remediation

Users are advised to upgrade to Iperius Backup version 8.7.4, which addresses this vulnerability.

Added: Mar 25, 2026, 9:55 PM
Updated: Mar 25, 2026, 9:55 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.8
exploitability: 4.6
remediation: 0.0
relevance: 4.7
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.