Local Privilege Escalation via Pre or Post Backup Action in CloudBerry Backup v6.1.2.34

Local Privilege Escalation via Pre or Post Backup Action in CloudBerry Backup v6.1.2.34

CVE-2019-15720 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

CloudBerry Backup v6.1.2.34 allows local privilege escalation via a Pre or Post backup action. With only user-level access, a user can modify the backup plan and add a Pre backup action script that executes on behalf of NT AUTHORITY\SYSTEM.

Learn more about our User Device Pen Test.