CVE-2015-6922

high-risk
Published 2020-02-17

Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 does not properly require authentication, which allows remote attackers to bypass authentication and (1) add an administrative account via crafted request to LocalAuth/setAccount.aspx or (2) write to and execute arbitrary files via a full pathname in the PathData parameter to ConfigTab/uploader.aspx.

Do I need to act?

!
77.8% chance of exploitation in next 30 days
EPSS score — higher than 22% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
2 public exploits available
38351, 38401
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Kaseya

References (10)

Exploit http://packetstormsecurity.com/files/133782/Kaseya-Virtual-System-Administrator-...
Third Party Advisory http://www.zerodayinitiative.com/advisories/ZDI-15-448
Third Party Advisory http://www.zerodayinitiative.com/advisories/ZDI-15-449
Broken Link https://helpdesk.kaseya.com/entries/96164487--Kaseya-Security-Advisory
Exploit https://www.exploit-db.com/exploits/38351/
Exploit http://packetstormsecurity.com/files/133782/Kaseya-Virtual-System-Administrator-...
Third Party Advisory http://www.zerodayinitiative.com/advisories/ZDI-15-448
Third Party Advisory http://www.zerodayinitiative.com/advisories/ZDI-15-449
Broken Link https://helpdesk.kaseya.com/entries/96164487--Kaseya-Security-Advisory
Exploit https://www.exploit-db.com/exploits/38351/
64
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 27/34 · High
Exposure 5/34 · Minimal