Datto Security Vulnerabilities
Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command and a secondary non-whitelisted command. This affects Datto Windows Agent (DWA) 1.0.5.0 and...
8CVSS
5.9AI Score
0.001EPSS
Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections. This allows an attacker to impersonate a Datto Backup Appliance to "pair" with the agent and issue requests to this agent, if the attacker can reach the agent on TCP port 25566 or 25568, and send unspecified...
5.3CVSS
6.1AI Score
0.001EPSS
Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information about data, software versions, configuration, and virtual machines via a request to a Web Virtual...
5.3CVSS
5.1AI Score
0.001EPSS
9.8CVSS
9.4AI Score
0.002EPSS
Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information via access to device/VM restore mount points, because they do not have ACLs by...
5.3CVSS
5.2AI Score
0.001EPSS
Datto ALTO and SIRIS devices allow Remote Code Execution via unauthenticated requests to PHP...
9.8CVSS
9.8AI Score
0.007EPSS