Lucene search
K

6 matches found

Circl
Circl
added 2021/07/12 12:51 p.m.6 views

CVE-2021-30120

creationtimestamp| type| source ---|---|--- 2021-07-12 12:51:43+00:00| exploited| https://t.me/truesecator/1905...

9.9CVSS8.1AI score0.05701EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2021/07/12 4:36 a.m.276 views

Kaseya Releases Patches for Flaws Exploited in Widespread Ransomware Attack

Florida-based software vendor Kaseya on Sunday rolled out urgent updates to address critical security vulnerabilities in its Virtual System Administrator VSA solution that was used as a jumping off point to target as many as 1,500 businesses across the globe as part of a widespread supply-chain...

10CVSS0.9AI score0.85619EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2021/07/12 12:0 a.m.181 views

Kaseya VSA < 9.5.7a Multiple Vulnerabilities

The version of Kaseya VSA installed on the remote host is affected by multiple vulnerabilities as referenced in the vendor advisory: - Credentials leak and business logic flaw. CVE-2021-30116 - Cross-Site Scripting vulnerability XSS. CVE-2021-30119 - 2FA Authentication bypass. CVE-2021-30120 Note...

10CVSS7.7AI score0.85619EPSS
Exploits2References5
Cvelist
Cvelist
added 2021/07/09 1:22 p.m.23 views

CVE-2021-30120 2FA bypass in Kaseya VSA <= v9.5.6

Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement. The need to use 2FA for authentication in enforce client-side instead of server-side and can be bypassed using a local proxy. Thus rendering 2FA useless. Detailed description --- During the login process, after the user...

9.9CVSS9.7AI score0.05701EPSS
Exploits0References3
CVE
CVE
added 2021/07/09 1:22 p.m.133 views

CVE-2021-30120

Kaseya VSA 2FA bypass (CVE-2021-30120) affects VSA up to version 9.5.6, where after a valid username/password login the server’s response exposes MFARequired/MFAEnroled booleans and an intercepting proxy can flip MFARequired to False, bypassing 2FA and allowing login without a second factor. This...

9.9CVSS8.7AI score0.05701EPSS
Exploits0References3Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2021/07/06 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-30120

Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement. The need to use 2FA for authentication in enforce client-side instead of server-side and can be bypassed using a local proxy. Thus rendering 2FA useless. Detailed description --- During the login process, after the user...

9.9CVSS7.3AI score0.05701EPSS
Exploits0References1
Rows per page
Query Builder