[BreachExchange] Kaseya Issues Patches for Two New 0-Day Flaws Affecting Unitrends Servers

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Fri Aug 27 08:45:05 EDT 2021


https://thehackernews.com/2021/08/kaseya-issues-patches-for-two-new-0-day.html

U.S. technology firm Kaseya has released security patches to address two
zero-day vulnerabilities affecting its Unitrends enterprise backup and
continuity solution that could result in privilege escalation and
authenticated remote code execution.

The two weaknesses are part of a trio of vulnerabilities discovered and
reported by researchers at the Dutch Institute for Vulnerability Disclosure
(DIVD) on July 3, 2021.

The IT infrastructure management solution provider has addressed the issues
in server software version 10.5.5-2 released on August 12, DIVD said. An
as-yet-undisclosed client-side vulnerability in Kaseya Unitrends remains
unpatched, but the company has published firewall rules that can be applied
to filter traffic to and from the client and mitigate any risk associated
with the flaw. As an additional precaution, it's recommended not to leave
the servers accessible over the internet.

Although specifics related to the vulnerabilities are sparse, the
shortcomings concern an authenticated remote code execution vulnerability
as well as a privilege escalation flaw from read-only user to admin on
Unitrends servers, both of which hinge on the possibility that an attacker
has already gained an initial foothold on a target's network, making them
more difficult to exploit.

The disclosure comes close to two months after the company suffered a
crippling ransomware strike on its VSA on-premises product, leading to the
mysterious shutdown of REvil cybercrime syndicate in the following weeks.
Kaseya has since shipped fixes for the zero-days that were exploited to
gain access to the on-premise servers, and late last month, said it
obtained a universal decryptor "to remediate customers impacted by the
incident."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210827/03815c60/attachment.html>


More information about the BreachExchange mailing list