CVE-2018-20753: Kaseya VSA Remote Code Execution Vulnerability
First published: Tue Feb 05 2019(Updated: )
Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. In January 2018, attackers actively exploited this vulnerability in the wild.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Kaseya Virtual System Administrator | >=9.3<9.3.0.35 | |
| Kaseya Virtual System Administrator | >=9.4<9.4.0.36 | |
| Kaseya Virtual System Administrator | >=9.5<9.5.0.5 | |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/description
- agent/title
- agent/severity
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- exploited/true
- ransomware/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/references
- agent/tags
- collector/nvd-cve
- source/NVD
- vendor/kaseya
- canonical/kaseya virtual system administrator
- version/kaseya virtual system administrator/9.3
- version/kaseya virtual system administrator/9.4
- version/kaseya virtual system administrator/9.5
- canonical/kaseya virtual system/server administrator (vsa)