Remote Code Execution Flaw in Kaseya VSA Remote Management Software
CVE-2018-20753

9.8CRITICAL

Key Information:

Vendor: Kaseya
Status: Virtual System Administrator
Vendor: CVE Published:; 5 February 2019

Badges

💰 Ransomware👾 Exploit Exists🟣 EPSS 37%🦅 CISA Reported

What is CVE-2018-20753?

The vulnerability identified in Kaseya VSA RMM software allows unprivileged remote attackers to execute malicious PowerShell commands on all managed devices. Versions R9.3 prior to 9.3.0.35, R9.4 prior to 9.4.0.36, and R9.5 prior to 9.5.0.5 are particularly susceptible, posing a significant risk as attackers have exploited it actively. This vulnerability highlights the critical importance of keeping remote management systems up to date to mitigate potential unauthorized access and control.

CISA has reported CVE-2018-20753

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2018-20753 as being exploited and is known by the CISA as enabling ransomware campaigns.

The CISA's recommendation is: Apply updates per vendor instructions.

References

https://blog.huntresslabs.com/deep-dive-kaseya-vsa-mining...

x_refsource_MISC

https://helpdesk.kaseya.com/hc/en-gb/articles/360000333152

x_refsource_MISC

EPSS Score

37% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

💰
Used in Ransomware
Apr 13, 2022
👾
Exploit known to exist
Apr 13, 2022
🦅
CISA Reported
Apr 13, 2022
Vulnerability published
Feb 5, 2019
Vulnerability Reserved
Feb 4, 2019