CVE-2015-6922
Kaseya Virtual System Administrator Remote File Upload Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 does not properly require authentication, which allows remote attackers to bypass authentication and (1) add an administrative account via crafted request to LocalAuth/setAccount.aspx or (2) write to and execute arbitrary files via a full pathname in the PathData parameter to ConfigTab/uploader.aspx.
Kaseya Virtual System Administrator (VSA) versiones 7.x anteriores a 7.0.0.33, versiones 8.x anteriores a 8.0.0.23, versiones 9.0 anteriores a 9.0.0.19 y versiones 9.1 anteriores a 9.1.0.9, no requiere autenticación, lo que permite a atacantes remotos omitir la autenticación y ( 1) agregar una cuenta administrativa mediante una petición diseñada en el archivo LocalAuth/setAccount.aspx o (2) escribir y ejecutar archivos arbitrarios por medio de un nombre de ruta completo en el parámetro PathData en el archivo ConfigTab/uploader.aspx.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Kaseya Virtual System Administrator. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the uploader.aspx page, which does not properly require that users be authenticated and does not restrict destination file paths. Attackers can leverage this vulnerability to upload and execute arbitrary code on the server under the context of IIS.
Kaseya Virtual System Administrator suffers from multiple code execution vulnerabilities and a privilege escalation vulnerability. VSA versions 7.0.0.0 through 7.0.0.32, 8.0.0.0 through 8.0.0.22, 9.0.0.0 through 9.0.0.18, and 9.1.0.0 through 9.1.0.8 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-09-11 CVE Reserved
- 2015-09-23 CVE Published
- 2015-10-05 First Exploit
- 2024-08-06 CVE Updated
- 2024-10-02 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-287: Improper Authentication
CAPEC
References (8)
URL | Tag | Source |
---|---|---|
http://www.zerodayinitiative.com/advisories/ZDI-15-448 | Third Party Advisory | |
http://www.zerodayinitiative.com/advisories/ZDI-15-449 | Third Party Advisory | |
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/Kaseya/kaseya-vsa-vuln-2.txt | ||
https://seclists.org/bugtraq/2015/Sep/132 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://helpdesk.kaseya.com/entries/96164487--Kaseya-Security-Advisory | 2020-02-26 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Kaseya Search vendor "Kaseya" | Virtual System Administrator Search vendor "Kaseya" for product "Virtual System Administrator" | >= 7.0.0.0 < 7.0.0.33 Search vendor "Kaseya" for product "Virtual System Administrator" and version " >= 7.0.0.0 < 7.0.0.33" | - |
Affected
| ||||||
Kaseya Search vendor "Kaseya" | Virtual System Administrator Search vendor "Kaseya" for product "Virtual System Administrator" | >= 8.0.0.0 < 8.0.0.23 Search vendor "Kaseya" for product "Virtual System Administrator" and version " >= 8.0.0.0 < 8.0.0.23" | - |
Affected
| ||||||
Kaseya Search vendor "Kaseya" | Virtual System Administrator Search vendor "Kaseya" for product "Virtual System Administrator" | >= 9.0.0.0 < 9.0.0.19 Search vendor "Kaseya" for product "Virtual System Administrator" and version " >= 9.0.0.0 < 9.0.0.19" | - |
Affected
| ||||||
Kaseya Search vendor "Kaseya" | Virtual System Administrator Search vendor "Kaseya" for product "Virtual System Administrator" | >= 9.1.0.0 < 9.1.0.9 Search vendor "Kaseya" for product "Virtual System Administrator" and version " >= 9.1.0.0 < 9.1.0.9" | - |
Affected
|