Kaseya Patches

13th July 2021, Kathmandu

Patches have been released for vulnerabilities exploited in ransomware attacks by Kaseya. A software patch has been released by software vendor Kaseya located in Florida. Critical vulnerabilities were used to target more than 1500 businesses worldwide as part of a supply-chain ransomware attack. The organization had requested customers to shut down their server until the patch is deployed. The fix has been implemented after 10 days for the three flaws.

CVE-2021-30116 – Credentials leak + business logic flaw

CVE-2021-30119 – Cross-site scripting vulnerability

CVE-2021-30120 – Two-factor authentication bypass

The newer version available is VSA version 9.5.7a (9.5.7.2994)

Dutch Institute for Vulnerability Disclosure had been discovered and ethically reported to Kaseya.

The vulnerabilities included SQL injection, remote code execution, local file inclusion, and XML external entity vulnerability, which has now been fixed.

A mandatory password change has been imposed upon the customers by Kaseya, and services are now being restored (more than 60% have been restored already).

Multiple flaws had been chained for the sophisticated attack.

LEAVE A REPLY

Please enter your comment!
Please enter your name here