Local Privilege Escalation in Kaseya Virtual System Administrator Agent
CVE-2017-12410

7.4HIGH

Key Information:

Vendor: Kaseya
Status: Virtual System Administrator
Vendor: CVE Published:; 26 March 2018

What is CVE-2017-12410?

A race condition vulnerability exists in the Kaseya Virtual System Administrator agent, allowing an attacker to exploit the Time of Check to Time of Use (TOCTOU) flaw. This enables the execution of arbitrary programs with elevated privileges, specifically 'NT AUTHORITY\SYSTEM'. The issue arises during the execution of binaries from working or temporary folders, making it crucial for users to ensure they are on the latest version to mitigate potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/archive/1/541884/100/0/threaded

mailing-listx_refsource_BUGTRAQ

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 26, 2018
Vulnerability Reserved
Aug 3, 2017

JSON

Kaseya

What is CVE-2017-12410?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.