13th July 2021, Kathmandu
Patches have been released for vulnerabilities exploited in ransomware attacks by Kaseya. A software patch has been released by software vendor Kaseya located in Florida. Critical vulnerabilities were used to target more than 1500 businesses worldwide as part of a supply-chain ransomware attack. The organization had requested customers to shut down their server until the patch is deployed. The fix has been implemented after 10 days for the three flaws.
CVE-2021-30116 – Credentials leak + business logic flaw
CVE-2021-30119 – Cross-site scripting vulnerability
CVE-2021-30120 – Two-factor authentication bypass
The newer version available is VSA version 9.5.7a (188.8.131.5294)
Dutch Institute for Vulnerability Disclosure had been discovered and ethically reported to Kaseya.
The vulnerabilities included SQL injection, remote code execution, local file inclusion, and XML external entity vulnerability, which has now been fixed.
A mandatory password change has been imposed upon the customers by Kaseya, and services are now being restored (more than 60% have been restored already).
Multiple flaws had been chained for the sophisticated attack.