Vulners
Lucene search
Kaseya VSA 2017 ConnectWise ManagedITSync - Remote Code Execution
| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
 | CVE-2017-18362 | 5 Feb 201900:00 | – | attackerkb |
 | The vulnerability of the ManagedIT.asmx component of the ConnectWise ManagedITSync plugin in the Kaseya VSA IT-infrastructure management platform allows a attacker to execute arbitrary SQL commands. | 6 Jul 202200:00 | – | bdu_fstec |
 | CVE-2017-18362 | 5 Feb 201912:26 | – | circl |
 | Kaseya VSA SQL Injection Vulnerability | 24 May 202200:00 | – | cisa_kev |
 | ConnectWise ManagedITSync SQL Injection (CVE-2017-18362) | 7 Jun 202200:00 | – | checkpoint_advisories |
 | CVE-2017-18362 | 5 Feb 201905:00 | – | cve |
 | CVE-2017-18362 | 5 Feb 201905:00 | – | cvelist |
 | CVE-2017-18362 | 5 Feb 201906:29 | – | nvd |
 | CVE-2017-18362 | 5 Feb 201906:29 | – | osv |
 | Sql injection | 5 Feb 201906:29 | – | prion |
10
id: CVE-2017-18362
info:
name: Kaseya VSA 2017 ConnectWise ManagedITSync - Remote Code Execution
author: pussycat0x
severity: critical
description: |
ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run arbitrary SQL queries, both read and write, without authentication.In February 2019, attackers actively exploited this vulnerability in the wild to download and execute ransomware payloads on all endpoints managed by the VSA server.
impact: |
Unauthenticated attackers can execute arbitrary SQL queries to access and modify the Kaseya VSA database, deploy ransomware to all managed endpoints, and potentially compromise entire customer infrastructures.
remediation: |
Disable or remove the ConnectWise ManagedITSync integration. If required, apply the latest security patches and restrict access to the ManagedIT.asmx endpoint.
reference:
- https://github.com/kbni/owlky
- https://www.huntress.com/blog/cve-2017-18362-arbitrary-sql-injection-in-mangeditsync-integration-ba142ff24f4d
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2017-18362
cwe-id: CWE-89
epss-score: 0.86706
epss-percentile: 0.99716
cpe: cpe:2.3:a:connectwise:manageditsync:*:*:*:*:*:kaseya_vsa:*:*
metadata:
vendor: connectwise
product: manageditsync
framework: kaseya_vsa
tags: cve,cve2017,kaseya,connectwise,sqli,kev,vkev
http:
- raw:
- |
GET /KaseyaCwWebService/ManagedIT.asmx HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- contains_any(body, 'ManagedIT.asmx?op=', 'ExecuteSQLQuery')
- status_code == 200
condition: and
# digest: 490a0046304402207678ab7da5037494b3ea8cab898651e3d7e635607fb77c27139e3fc9addc40ab02204d76032308bb9626542aa2b15b68c28ced358458a6fc264af677ef4aff0ec069:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Feb 2026 07:00Current
7.6High risk
Vulners AI Score7.6
CVSS 27.5
CVSS 3.19.8
EPSS0.86706
SSVC