Security Vulnerabilities fixed in Kaseya Server


An attempt to exploit a Remote Code Execution vulnerability in Kaseya VSA was detected. The vulnerability is due to improper validation of user-supplied input in Kaseya VSA. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted request. Successful exploitation would result in arbitrary code execution. This vulnerability also includes issues that allow credential disclosure, Cross Site Scripting (XSS), and bypass of the 2FA requirement.

Outbreak Alert

A recent high-profile exploit involving the Kaseya VSA product was linked to the REvil ransomware. This report summarizes the Fortinet Security Fabric coverage for the REvil ransomware itself. Refer to the separate report for more detail about the Kaseya vulnerability.

View the full Outbreak Alert Report

This report focuses on the Kaseya vulnerability itself. A separate (dedicated) report is available for the REvil ransomware, which exploits this vulnerability. The Kaseya VSA product is the victim of a sophisticated cyberattack that has caused many of its customers to be infected with ransomware. On July 2, the SaaS version was temporarily shut down, and Kaseya warned all its customers to immediately stop using the on-premise version until a patch is available. Nearly 40 of its MSP customers, who themselves manage hundreds or thousands of businesses underneath, were reported hacked.


Affected Applications

Kaseya Server