Enter Software Iperius Backup Improper Privilege Management Vulnerability Allowing Remote Code Execution
Vulnerability
A vulnerability exists in Enter Software Iperius Backup versions through 8.7.3, specifically within the Backup Job Configuration File Handler component. This vulnerability allows a low-privileged user to create a malicious backup job configuration file that the application accepts. The file can later be modified through the application's interface to execute arbitrary commands with system privileges, effectively bypassing the application's command encryption mechanism. The vulnerability requires local access to exploit and is considered to have high complexity.
Impact
Exploitation of this vulnerability leads to unauthorized privilege escalation, allowing a low-privileged user to execute arbitrary commands with system-level rights. This could result in a full compromise of the affected host, establishment of persistent system-level access, deployment of malware or post-exploitation frameworks, lateral movement within the network, and bypassing of endpoint protection and access control mechanisms.
Reproduction
To reproduce this vulnerability, a low-privileged user can create a backup job that includes a command to be executed. After the job is saved, the user can edit the job configuration to add a malicious command. Once the job is executed, the command will run with system privileges, providing a reverse shell to the user.
Remediation
Users are advised to upgrade to Iperius Backup version 8.7.4, which addresses this vulnerability.
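Because the flaw starts with a job configuration file that a low-privileged user was able to create, hosts that ran 8.7.3 or earlier are worth reviewing for job files that non-administrative accounts own or can write. The PowerShell below is an added example, not code from the vendor or from the original advisory. The advisory does not name the job directory, so it is passed in as a parameter, and the function name and trusted-SID list are assumptions for illustration.

```powershell
# Added example: list job configuration files that a non-administrative
# account owns or can modify. Run from an elevated prompt.
param(
    # Assumption: the directory where this installation keeps its backup job
    # configuration files. The advisory does not give the path; supply it.
    [Parameter(Mandatory)] [string] $JobDirectory
)

# Well-known SIDs treated as trusted owners and writers (assumed baseline).
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544'   # BUILTIN\Administrators
)

# Rights that let a principal change a file's content or its ACL.
$writeRights = [System.Security.AccessControl.FileSystemRights] `
    'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

function Get-UntrustedJobFile {
    param([string] $Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($file in Get-ChildItem -LiteralPath $Path -File -Recurse) {
        $acl      = Get-Acl -LiteralPath $file.FullName
        $ownerSid = $acl.GetOwner($sidType).Value

        # Explicit and inherited Allow entries granting write-type access
        # to anyone outside the trusted list.
        $writers = $acl.GetAccessRules($true, $true, $sidType) |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                ($_.FileSystemRights -band $writeRights) -and
                $_.IdentityReference.Value -notin $trustedSids
            } |
            ForEach-Object { $_.IdentityReference.Value } |
            Sort-Object -Unique

        if ($ownerSid -notin $trustedSids -or $writers) {
            [pscustomobject]@{
                File             = $file.FullName
                OwnerSid         = $ownerSid
                UntrustedWriters = $writers -join ';'
                LastWriteTime    = $file.LastWriteTime
            }
        }
    }
}

Get-UntrustedJobFile -Path $JobDirectory | Format-Table -AutoSize
```

Any file it reports should be reviewed for commands that were not added by an administrator before the job is allowed to run again. This is a review aid and does not replace the upgrade to 8.7.4.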
