9.8
CVE-2018-20753
- EPSS 29.55%
- Veröffentlicht 05.02.2019 06:29:00
- Zuletzt bearbeitet 07.11.2025 19:09:13
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginKaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. In January 2018, attackers actively exploited this vulnerability in the wild.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Kaseya ≫ Virtual System Administrator Version >= 9.3 < 9.3.0.35
Kaseya ≫ Virtual System Administrator Version >= 9.4 < 9.4.0.36
Kaseya ≫ Virtual System Administrator Version >= 9.5 < 9.5.0.5
13.04.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Kaseya VSA Remote Code Execution Vulnerability
SchwachstelleKaseya VSA RMM allows unprivileged remote attackers to execute PowerShell payloads on all managed devices.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 29.55% | 0.979 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
https://blog.huntresslabs.com/deep-dive-kaseya-vsa-mining-payload-c0ac839a0e88
https://helpdesk.kaseya.com/hc/en-gb/articles/360000333152
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-20753