// For flags

CVE-2015-6589

Kaseya Virtual System Administrator Authenticated Remote File Upload Remote Code Execution Vulnerability

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8..0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file paths to json.ashx.

La vulnerabilidad de Salto de Directorio en Kaseya Virtual System Administrator (VSA) versiones 7.0.0.0 anteriores a 7.0.0.33, versiones 8..0.0.0 anteriores a 8.0.0.23, versiones 9.0.0.0 anteriores a 9.0.0.19 y versiones 9.1.0.0 anteriores a 9.1.0.9, permite a usuarios autenticados remotos escribir y ejecutar archivos arbitrarios debido a restricciones insuficientes en las rutas de archivos en el archivo json.ashx.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Kaseya Virtual System Administrator. Authentication is required to exploit this vulnerability.
The specific flaw exists within the json.ashx HTTP handler, which does not restrict destination file paths. Attackers can leverage this vulnerability to upload and execute arbitrary code on the server under the context of IIS.

Kaseya Virtual System Administrator suffers from multiple code execution vulnerabilities and a privilege escalation vulnerability. VSA versions 7.0.0.0 through 7.0.0.32, 8.0.0.0 through 8.0.0.22, 9.0.0.0 through 9.0.0.18, and 9.1.0.0 through 9.1.0.8 are affected.

*Credits: Pedro Ribeiro (pedrib@gmail.com) / Agile Information Security
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-08-21 CVE Reserved
  • 2015-09-23 CVE Published
  • 2015-09-28 First Exploit
  • 2024-08-06 CVE Updated
  • 2024-10-10 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Kaseya
Search vendor "Kaseya"
 Virtual System Administrator
Search vendor "Kaseya" for product "Virtual System Administrator"
 >= 7.0.0.0 < 7.0.0.33
Search vendor "Kaseya" for product "Virtual System Administrator" and version " >= 7.0.0.0 < 7.0.0.33"
-
Affected
Kaseya
Search vendor "Kaseya"
 Virtual System Administrator
Search vendor "Kaseya" for product "Virtual System Administrator"
 >= 8.0.0.0 < 8.0.0.23
Search vendor "Kaseya" for product "Virtual System Administrator" and version " >= 8.0.0.0 < 8.0.0.23"
-
Affected
Kaseya
Search vendor "Kaseya"
 Virtual System Administrator
Search vendor "Kaseya" for product "Virtual System Administrator"
 >= 9.0.0.0 < 9.0.0.19
Search vendor "Kaseya" for product "Virtual System Administrator" and version " >= 9.0.0.0 < 9.0.0.19"
-
Affected
Kaseya
Search vendor "Kaseya"
 Virtual System Administrator
Search vendor "Kaseya" for product "Virtual System Administrator"
 >= 9.1.0.0 < 9.1.0.9
Search vendor "Kaseya" for product "Virtual System Administrator" and version " >= 9.1.0.0 < 9.1.0.9"
-
Affected