Vulnerability Note VU#919604

Kaseya Virtual System Administrator contains multiple vulnerabilities

Original Release date: 13 Jul 2015 | Last revised: 13 Jul 2015

Overview

Kaseya Virtual System Administrator (VSA), versions R9 and possibly earlier, contains arbitrary file download and open redirect vulnerabilities.

Description

CWE-22: Improper Limitation of Pathname to a Restricted Directory ('Path Traversal') - CVE-2015-2862

Kaseya VSA is an IT management platform with a help desk ticketing system. An authenticated attacker can traverse directories and download arbitrary files by submitting a specially crafted HTTP request to the server hosting the VSA software.
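The following Python is an added defensive illustration, not code from this advisory or from Kaseya VSA. It contrasts the CWE-22 pattern (joining a user-supplied file name straight onto a download root) with a handler that decodes once, rejects separators it never expects, collapses `..` segments and then confines the canonical path to the root. The attachment root and the request values are constructed for the example and do not describe the VSA install layout.

```python
import os
import posixpath
from typing import Optional
from urllib.parse import unquote

# Constructed example value: the only directory the download handler may serve.
# Hypothetical path, not the VSA install layout.
ATTACHMENT_ROOT = "/srv/helpdesk/attachments"


def naive_download_path(root: str, requested: str) -> str:
    """The CWE-22 pattern: join the user-supplied name straight onto the root.

    os.path.join keeps ".." components, so the resulting path can point
    anywhere on the filesystem the web server process can read.
    """
    return os.path.abspath(os.path.join(root, requested))


def resolve_download_path(root: str, requested: str) -> Optional[str]:
    """Confine a user-supplied file name to `root`; return None if it escapes.

    Assumes `requested` is the raw query value, decoded exactly once here
    (decoding a second time would reintroduce the traversal).
    """
    name = unquote(requested)
    # Absolute paths, Windows separators and NUL bytes are rejected rather
    # than "cleaned": no legitimate attachment name contains them.
    if not name or name.startswith("/") or "\\" in name or "\0" in name:
        return None
    # Collapse "." and ".." segments, then refuse anything that still climbs.
    normalized = posixpath.normpath(name)
    if ".." in normalized.split("/") or normalized == ".":
        return None
    # Independent final check on the canonical absolute path. The trailing
    # separator stops "/srv/helpdesk/attachments-old" passing the prefix test.
    root_abs = os.path.abspath(root)
    candidate = os.path.abspath(os.path.join(root_abs, normalized))
    if not candidate.startswith(root_abs + os.sep):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample requests: one legitimate, two traversal attempts.
    for req in ("ticket-1234/report.pdf",
                "../../../etc/passwd",
                "%2e%2e/%2e%2e/%2e%2e/etc/passwd"):
        print(f"{req!r:40} naive={naive_download_path(ATTACHMENT_ROOT, req)!r}")
        print(f"{'':40} safe ={resolve_download_path(ATTACHMENT_ROOT, req)!r}")
```

On a live system the root should additionally be compared after `os.path.realpath()` so that symlinks inside the attachment directory cannot point outside it; the example uses `abspath` only so it runs without the directory existing. Requests that return `None` are worth logging with the originating user, since an authenticated account submitting `..` sequences against a download endpoint is the exact signal this vulnerability class produces.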

CWE-601: URL Redirection to Untrusted Site ('Open Redirect') - CVE-2015-2863

Kaseya VSA, versions V7.x, R8.x and R9.x, contains an open redirect vulnerability. An attacker may be able to leverage users' trust in the domain to induce them to visit a site with malicious content.
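As an added example, not code from this advisory or from the vendor, the function below shows how a redirect parameter can be validated before it is placed in a `Location` header, which is the standard mitigation for CWE-601. The allowed host name is a constructed placeholder; the advisory does not name the affected parameter, so none is assumed here.

```python
from typing import Optional
from urllib.parse import urlparse

# Constructed example value: the host the web interface is served from.
# Hypothetical name, not taken from the advisory.
ALLOWED_REDIRECT_HOSTS = {"vsa.example.com"}


def safe_redirect_target(raw: Optional[str], default: str = "/") -> str:
    """Return `raw` only if it redirects within the application (CWE-601);
    otherwise fall back to `default`. Allow-listing is used instead of
    trying to strip bad characters out of an untrusted URL.
    """
    if not raw:
        return default
    target = raw.strip()
    # Backslashes and control characters are refused outright: browsers treat
    # "\" as "/" (so "/\host" becomes protocol-relative) and CR/LF would
    # split the response header.
    if any(ch in target for ch in "\\\r\n\t\x00"):
        return default
    parts = urlparse(target)
    scheme = parts.scheme.lower()
    if scheme:
        # "https:/host" and "https:host" parse with an empty netloc but browsers
        # still treat them as absolute, so a scheme must always bring a host.
        if scheme not in ("http", "https") or not parts.netloc:
            return default
    if parts.netloc:
        # Absolute or protocol-relative ("//host/...") URL: the host must be
        # on the allow list and userinfo is never tolerated, because
        # "ours@other" resolves to "other".
        host = (parts.hostname or "").lower()
        if "@" in parts.netloc or host not in ALLOWED_REDIRECT_HOSTS:
            return default
        return target
    # Path-only target: exactly one leading slash keeps it on the current
    # origin. "///host" parses with an empty netloc yet browsers read it as
    # an authority, so multiple leading slashes are rejected too.
    if not target.startswith("/") or target.startswith("//"):
        return default
    return target


if __name__ == "__main__":
    # Constructed sample values a login or logout handler might receive.
    for value in ("/dashboard",
                  "https://vsa.example.com/tickets/42",
                  "//other.example.net/",
                  "https://vsa.example.com@other.example.net/"):
        print(f"{value!r:48} -> {safe_redirect_target(value)!r}")
```

Returning the relative `default` on every rejection, rather than raising, keeps the user flow intact while removing the attacker-controlled destination; the rejected values can be logged to spot campaigns that abuse the redirect.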

The CVSS score below refers to CVE-2015-2862.

Impact

A remote, authenticated attacker can download arbitrary files. A remote, unauthenticated attacker may be able to redirect users to arbitrary web sites.

Solution

Apply an update

The vendor has released the following patches to address these issues:

  • R9.1: install patch 9.1.0.4
  • R9.0: install patch 9.0.0.14
  • R8.0: install patch 8.0.0.18
  • V7.0: install patch 7.0.0.29

Vendor Information

Vendor        Status   Date Notified  Date Updated
Kaseya, Inc.  Unknown  27 Apr 2015    27 Apr 2015

CVSS Metrics

Group          Score  Vector
Base           4.3    AV:N/AC:M/Au:N/C:N/I:P/A:N
Temporal       3.4    E:POC/RL:OF/RC:C
Environmental  2.5    CDP:N/TD:M/CR:ND/IR:ND/AR:ND

Credit

Thanks to Pedro Ribeiro (pedrib@gmail.com) of Agile Information Security for reporting these vulnerabilities.

This document was written by Joel Land.

Other Information

  • CVE IDs: CVE-2015-2862 CVE-2015-2863
  • Date Public: 13 Jul 2015
  • Date First Published: 13 Jul 2015
  • Date Last Updated: 13 Jul 2015
  • Document Revision: 13
