Unauthenticated Remote Command Vulnerability in Kaseya VSA by ConnectWise
CVE-2017-18362

9.8CRITICAL

Key Information:

Vendor: Connectwise
Status: Manageditsync
Vendor: CVE Published:; 5 February 2019

🔔 Create Connectwise Vulnerability Alert

Badges

💰 Ransomware👾 Exploit Exists🟣 EPSS 45%🦅 CISA Reported

What is CVE-2017-18362?

The Kaseya VSA software, integrated with ConnectWise ManagedITSync, is exposed to a serious vulnerability that permits unauthenticated remote command execution. Attackers can exploit this flaw to gain unauthorized access to the Kaseya VSA database, enabling them to execute arbitrary SQL queries with both read and write capabilities. This vulnerability became particularly problematic in early 2019, as it was actively exploited by malicious actors to deploy ransomware across all endpoints managed by the affected VSA server. If the ManagedIT.asmx endpoint is accessible through the Kaseya VSA web interface, an attacker can interact with the database without any authentication barriers, significantly compromising the security and integrity of the systems involved.

CISA has reported CVE-2017-18362

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2017-18362 as being exploited and is known by the CISA as enabling ransomware campaigns.

The CISA's recommendation is: The impacted product is end-of-life and should be disconnected if still in use.