Kaseya Releases Patches for Vulnerabilities Exploited in Ransomware Attack


13th July 2021, Kathmandu

Kaseya, a software vendor located in Florida, has released a software patch for the vulnerabilities exploited in a ransomware attack. The critical vulnerabilities were used to target more than 1500 businesses worldwide as part of a supply-chain ransomware attack. The organization had requested that customers shut down their servers until the patch was deployed. The fix, implemented after 10 days, covers three flaws:

CVE-2021-30116 – Credentials leak + business logic flaw

CVE-2021-30119 – Cross-site scripting vulnerability

CVE-2021-30120 – Two-factor authentication bypass

The newer version available is VSA version 9.5.7a (9.5.7.2994).

The vulnerabilities had been discovered and ethically reported to Kaseya by the Dutch Institute for Vulnerability Disclosure.

The vulnerabilities included SQL injection, remote code execution, local file inclusion, and XML external entity vulnerabilities, which have now been fixed.

Kaseya has imposed a mandatory password change on its customers, and services are now being restored (more than 60% have been restored already).

Multiple flaws had been chained together in the sophisticated attack.

