Lucene search
HistorySep 23, 2015 - 12:00 a.m.
Kaseya Virtual System Administrator Remote Privilege Escalation Vulnerability
2015-09-2300:00:00
Pedro Ribeiro ([email protected]) / Agile Information Security
www.zerodayinitiative.com
36
EPSS
0.944
Percentile
99.3%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Kaseya Virtual System Administrator. Authentication is not required to exploit this vulnerability. The specific flaw exists within the forwarding service’s handing of the setAccount.aspx page, which does not properly enforce that users be authenticated before manipulating user accounts. Attackers can use this vulnerability to become “Master Admin” in the application and execute arbitrary code on all managed devices.
Related
zdi
zdi
prion
prion
Authentication flaw
2020-02-17 18:15:00
cvelist
cvelist
CVE-2015-6922
2020-02-17 18:00:30
exploitdb
exploitdb
metasploit
metasploit
Kaseya VSA Master Administrator Account Creation
2015-09-29 10:51:21
Kaseya VSA uploader.aspx Arbitrary File Upload
2015-09-29 10:56:34
cve
cve
CVE-2015-6922
2020-02-17 18:15:11
nvd
nvd
CVE-2015-6922
2020-02-17 18:15:11
zdt
zdt
Kaseya VSA uploader.aspx Arbitrary File Upload Exploit
2015-10-03 00:00:00
Kaseya Virtual System Administrator - Multiple Vulnerabilities
2015-09-29 00:00:00
checkpoint_advisories
checkpoint_advisories
Kaseya Virtual System Administrator Multiple Vulnerabilities (CVE-2015-6922)
2016-09-22 00:00:00
packetstorm
packetstorm
Kaseya VSA uploader.aspx Arbitrary File Upload
2015-10-02 00:00:00
Kaseya VSA Master Administrator Account Creation
2024-08-31 00:00:00
Kaseya Virtual System Administrator Code Execution / Privilege Escalation
2015-09-30 00:00:00
exploitpack
exploitpack