CVE-2021-43044

9.8 CRITICAL

📋 TL;DR

Kaseya Unitrends Backup Appliance versions before 10.5.5 use a weak default SNMP community string, allowing attackers to read and potentially modify SNMP data. This affects all deployments using default SNMP configurations. The vulnerability enables unauthorized access to sensitive system information.

💻 Affected Systems

Products:
  • Kaseya Unitrends Backup Appliance
Versions: All versions before 10.5.5
Operating Systems: Appliance-specific Linux distribution
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with SNMP enabled (default configuration)

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise leading to data exfiltration, ransomware deployment, or complete backup infrastructure takeover

🟠

Likely Case

Unauthorized access to sensitive backup metadata, configuration data, and system information

🟢

If Mitigated

Limited to no impact if SNMP is disabled or strong community strings are configured

🌐 Internet-Facing: HIGH - SNMP is often exposed to internal networks and, if misconfigured, potentially to the internet
🏢 Internal Only: HIGH - Default weak community strings allow lateral movement within networks

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple SNMP queries with default community strings can exploit this vulnerability

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.5.5

Vendor Advisory: https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961

Restart Required: Yes

Instructions:

1. Back up the current configuration.
2. Download version 10.5.5 from the Kaseya support portal.
3. Apply the update through the appliance web interface.
4. Reboot the appliance when prompted.

🔧 Temporary Workarounds

Disable SNMP Service

Completely disable SNMP daemon if not required

systemctl stop snmpd
systemctl disable snmpd

Change SNMP Community Strings

Replace default community strings with strong, unique values

Edit /etc/snmp/snmpd.conf, replacing the values on the community / rocommunity / rwcommunity lines with long, unique strings (and restricting the source address where the directive allows it)
systemctl restart snmpd

🧯 If You Can't Patch

  • Disable SNMP service immediately if not required
  • Implement network segmentation to restrict SNMP traffic to management networks only

🔍 How to Verify

Check if Vulnerable:

Check the SNMP configuration file for default or weak community strings: grep -i community /etc/snmp/snmpd.conf

Check Version:

cat /etc/unitrends/version

Verify Fix Applied:

Verify version is 10.5.5 or later: cat /etc/unitrends/version
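The two verification steps above (configuration check and version check) combined into one script, as an added example that is not part of the advisory or vendor tooling. It assumes a net-snmp style snmpd.conf (community / rocommunity / rwcommunity directives) and a one-line version file such as /etc/unitrends/version; both paths are parameters, and the built-in demo runs against constructed sample files so it can be tried offline.

```shell
#!/bin/sh
# Added example for this advisory (not vendor code): audit an snmpd.conf for the
# default "public"/"private" community strings and compare the appliance version
# against the fixed release 10.5.5. Paths are parameters so the checks can run
# against constructed sample files as well as the real appliance paths.

FIXED_VERSION="10.5.5"

# Return 0 when the config contains a community directive using a well-known
# default string, 1 otherwise. Matches community / rocommunity / rwcommunity
# (and the community6 variants) case-insensitively, ignoring commented lines.
has_default_community() {
    conf="$1"
    grep -Eiq '^[[:space:]]*(ro|rw)?community6?[[:space:]]+(public|private)([[:space:]]|$)' "$conf"
}

# Return 0 when version $1 >= version $2, comparing dotted numeric components
# with POSIX awk (no dependency on GNU sort -V).
version_at_least() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        len = (n > m) ? n : m
        for (i = 1; i <= len; i++) {
            xi = (i <= n) ? x[i] + 0 : 0
            yi = (i <= m) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# Read the version string from a file (e.g. /etc/unitrends/version) and print
# "fixed" when it is 10.5.5 or later, "vulnerable" otherwise.
version_status() {
    ver=$(head -n1 "$1" | tr -d '[:space:]')
    if version_at_least "$ver" "$FIXED_VERSION"; then
        echo fixed
    else
        echo vulnerable
    fi
}

# Run both checks, print one line per finding, and return 0 only when the
# host is patched AND no default community string is configured.
audit_snmp() {
    version_file="$1"; conf="$2"; rc=0
    if [ "$(version_status "$version_file")" = vulnerable ]; then
        echo "FAIL: version $(head -n1 "$version_file") is older than $FIXED_VERSION"
        rc=1
    else
        echo "OK: version is $FIXED_VERSION or later"
    fi
    if has_default_community "$conf"; then
        echo "FAIL: default community string in $conf:"
        grep -Ei '^[[:space:]]*(ro|rw)?community6?[[:space:]]+(public|private)' "$conf" | sed 's/^/    /'
        rc=1
    else
        echo "OK: no default community string in $conf"
    fi
    return $rc
}

# With no arguments, audit a constructed sample that mimics a default
# appliance config; otherwise audit the given VERSION_FILE and SNMPD_CONF
# (e.g. /etc/unitrends/version /etc/snmp/snmpd.conf on the appliance).
if [ "$#" -eq 0 ]; then
    tmp=$(mktemp -d)
    printf '10.5.4\n' > "$tmp/version"
    cat > "$tmp/snmpd.conf" <<'EOF'
# constructed sample, not a real appliance file
rocommunity public
rwcommunity private 127.0.0.1
EOF
    audit_snmp "$tmp/version" "$tmp/snmpd.conf"
    rm -rf "$tmp"
else
    audit_snmp "$1" "$2"
fi
```

The demo prints two FAIL lines and exits non-zero; on a patched appliance with unique strings both checks print OK and the exit status is 0, which makes the script usable as a fleet-wide compliance check.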

📡 Detection & Monitoring

Log Indicators:

  • SNMP authentication failures
  • Unexpected SNMP queries from unauthorized sources

Network Indicators:

  • SNMP traffic to/from backup appliance on UDP port 161
  • SNMP queries using default community strings

SIEM Query:

source="snmpd" AND (community="public" OR community="private")
