// For flags

CVE-2021-30121

(Semi-)Authenticated local file inclusion in Kaseya VSA < v9.5.6

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Semi-authenticated local file inclusion The contents of arbitrary files can be returned by the webserver Example request: `https://x.x.x.x/KLC/js/Kaseya.SB.JS/js.aspx?path=C:\Kaseya\WebPages\dl.asp` A valid sessionId is required but can be easily obtained via CVE-2021-30118

Inclusión de archivos locales semiautenticados El contenido de archivos arbitrarios puede ser devuelto por el servidor web Ejemplo de solicitud: `https://x.x.x.x/KLC/js/Kaseya.SB.JS/js.aspx?path=C:\Kaseya\WebPages\dl.asp` Se requiere un SessionId válido pero puede ser fácilmente obtenido a través de CVE-2021-30118

*Credits: Discovered by Wietse Boonstra of DIVD, Additional research by Frank Breedijk of DIVD
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-04-02 CVE Reserved
  • 2021-07-09 CVE Published
  • 2024-05-31 EPSS Updated
  • 2024-08-03 CVE Updated
  • 2024-08-03 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-829: Inclusion of Functionality from Untrusted Control Sphere
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Kaseya
Search vendor "Kaseya"
 Vsa
Search vendor "Kaseya" for product "Vsa"
 < 9.5.6
Search vendor "Kaseya" for product "Vsa" and version " < 9.5.6"
-
Affected