Vulnerability Note VU#204988
Kaseya's agent driver contains NULL pointer dereference
CWE-476: NULL Pointer Dereference
Kaseya's agent driver, kapfa.sys, is vulnerable to a NULL pointer dereference.
A local authenticated attacker may be able to cause a denial-of-service condition or achieve code execution with the privileges of the Windows kernel.
Kaseya has released patches with the following instructions:
"For VSA Version 6.5, install patch 220.127.116.11 and then update your agents to version 18.104.22.168 or higher (Agent -> Upgrade Agent -> Update Agent).
For VSA 6.3 or earlier, it is recommended to upgrade the system to version 6.5 or 7.0."
Vendor Information
|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|Kaseya, Inc.|Affected|14 Mar 2014|29 Apr 2014|
Thanks to Bill Finlayson for reporting this vulnerability.
This document was written by Jared Allar.
- CVE IDs: CVE-2014-2926
- Date Public: 14 Jul 2014
- Date First Published: 14 Jul 2014
- Date Last Updated: 28 Jul 2014
- Document Revision: 26