CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-30117 – Authenticated SQL injection in Kaseya VSA < v9.5.6
https://notcve.org/view.php?id=CVE-2021-30117
09 Jul 2021 — The API call /InstallTab/exportFldr.asp is vulnerable to a semi-authenticated boolean-based blind SQL injection in the parameter fldrId. Detailed description --- Given the following request: ``` GET /InstallTab/exportFldr.asp?fldrId=1’ HTTP/1.1 Host: 192.168.1.194 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:85.0) Gecko/20100101 Firefox/85.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1... • https://csirt.divd.nl/2021/07/07/Kaseya-Limited-Disclosure • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 17%CPEs: 2EXPL: 0CVE-2021-30116 – Kaseya Virtual System/Server Administrator (VSA) Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-30116
09 Jul 2021 — Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacker download a client for Windows and installs it, the file KaseyaD.ini is generated (C:\Program Files (x86)\Kaseya\XXXXXXXXXX\KaseyaD.ini) which contains an Agent_Guid and AgentPassword This Agent_Guid and AgentPassword can be used to ... • https://csirt.divd.nl/2021/07/04/Kaseya-Case-Update-2 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2CVE-2019-14510
https://notcve.org/view.php?id=CVE-2019-14510
11 Oct 2019 — An issue was discovered in Kaseya VSA RMM through 9.5.0.22. When using the default configuration, the LAN Cache feature creates a local account FSAdminxxxxxxxxx (e.g., FSAdmin123456789) on the server that hosts the LAN Cache and all clients that are assigned to a LAN Cache. This account is placed into the local Administrators group of all clients assigned to the LAN Cache. When the assigned client is a Domain Controller, the FSAdminxxxxxxxxx account is created as a domain account and automatically added as ... • http://community.kaseya.com/xsp/f/355.aspx • CWE-276: Incorrect Default Permissions CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15506
https://notcve.org/view.php?id=CVE-2019-15506
26 Aug 2019 — An issue was discovered in Kaseya Virtual System Administrator (VSA) through 9.4.0.37. It has a critical information disclosure vulnerability. An unauthenticated attacker can send properly formatted requests to the web application and download sensitive files and information. For example, the /DATAREPORTS directory can be farmed for reports. Because this directory contains the results of reports such as NMAP, Patch Status, and Active Directory domain metadata, an attacker can easily collect this critical in... • http://dfdrconsulting.com/2019/cyber-security/cve-2019-15506-kaseya-vsa-critical-information-disclosure-unauthenticated-access • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 37%CPEs: 3EXPL: 1CVE-2018-20753 – Kaseya VSA Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-20753
05 Feb 2019 — Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. In January 2018, attackers actively exploited this vulnerability in the wild. Kaseya VSA RMM, en versiones anteriores a la R9.3 9.3.0.35, versiones R4 anteriores a la 9.4.0.36 y en las R9.5 anteriores a la 9.5.0.5, permite a los atacantes remotos sin privilegios ejecutar cargas útiles PowerShell en todos los dispositivos gestionados. E... • https://blog.huntresslabs.com/deep-dive-kaseya-vsa-mining-payload-c0ac839a0e88 •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 1CVE-2017-12410 – Kaseya Virtual System Administrator (VSA) Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-12410
23 Mar 2018 — It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulnerability by winning a race condition when Kaseya Virtual System Administrator agent 9.3.0.11 and earlier tries to execute its binaries from working and/or temporary folders. Successful exploitation results in the execution of arbitrary programs with "NT AUTHORITY\SYSTEM" privileges. Es posible explotar una vulnerabilidad Time of Check Time of Use (TOCTOU) al ganar una condición de carrera cuando las versiones 9.3.0.11 y anteriores del age... • https://packetstorm.news/files/id/146871 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 67%CPEs: 1EXPL: 3CVE-2018-6328 – Unitrends UEB - HTTP API Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-6328
14 Mar 2018 — It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes. Se ha descubierto que en Unitrends Backup (UB), en versiones anteriores a la 10.1.0, la interfaz de usuario estaba expuesta a una omisión de autenticación. Esto podría permitir que un usuario no autenticado inyecte comandos arbitrarios en los parámetros /api/hosts med... • https://packetstorm.news/files/id/149687 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 74%CPEs: 1EXPL: 4CVE-2017-12477 – Unitrends UEB 9 - bpserverd Authentication Bypass Remote Command Execution
https://notcve.org/view.php?id=CVE-2017-12477
07 Aug 2017 — It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system. Se ha descubierto que el protocolo propietario bpserverd en Unitrends Backup (UB) en versiones anteriores a la 10.0.0, cuando se invoca a través de xinetd, tiene un problema que permite omitir la autenticación. Un atac... • https://packetstorm.news/files/id/144511 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 71%CPEs: 1EXPL: 6CVE-2017-12478 – Unitrends UEB - HTTP API Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-12478
07 Aug 2017 — It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system. Se ha descubierto que la interfaz web api/storage en Unitrends Backup (UB) en versiones anteriores a la 10.0.0 tiene un problema por el cual uno de sus parámetros de entrada no fue validado. Un atacante remoto podrí... • https://packetstorm.news/files/id/144694 • CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 13%CPEs: 1EXPL: 2CVE-2017-12479 – Unitrends UEB 9.1 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-12479
07 Aug 2017 — It was discovered that an issue in the session logic in Unitrends Backup (UB) before 10.0.0 allowed using the LOGDIR environment variable during a web session to elevate an existing low-privilege user to root privileges. A remote attacker with existing low-privilege credentials could then execute arbitrary commands with root privileges. Se ha descubierto que un problema en la lógica de sesión en Unitrends Backup (UB) en versiones anteriores a la 10.0.0 permitía emplear la variable de entorno LOGDIR durante ... • https://packetstorm.news/files/id/144513 •