search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Kaseya's agent driver contains NULL pointer dereference

Vulnerability Note VU#204988

Original Release Date: 2014-07-14 | Last Revised: 2014-07-28

Overview

Kaseya's agent driver, kapfa.sys, is vulnerable to a NULL pointer dereference.

Description

CWE-476: NULL Pointer Dereference

Kaseya's agent driver, kapfa.sys, is vulnerable to a NULL pointer dereference.

Impact

A local authenticated attacker may be able to cause a denial-of-service condition or achieve code execution with the privileges of the Windows kernel.

Solution

Kaseya has released patches with the following instructions:

"For VSA Version 7.0, install patch 7.0.0.16 and then update your agents to version 7.0.0.3 or higher (Agent-> Upgrade Agent->Update Agent).

For VSA Version 6.5, install patch 6.5.0.17 and then update your agents to version 6.5.0.2 or higher (Agent-> Upgrade Agent->Update Agent).

For VSA 6.3 or earlier, it is recommended to upgrade the system to version 6.5 or 7.0."

Vendor Information

204988
 
Expand all

Kaseya, Inc. Affected

Notified:  March 14, 2014 Updated: April 29, 2014

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.


CVSS Metrics

Group Score Vector
Base 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C
Temporal 5.5 E:POC/RL:U/RC:UC
Environmental 1.5 CDP:L/TD:L/CR:L/IR:M/AR:H

References

Acknowledgements

Thanks to Bill Finlayson for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

CVE IDs: CVE-2014-2926
Date Public: 2014-07-14
Date First Published: 2014-07-14
Date Last Updated: 2014-07-28 13:54 UTC
Document Revision: 27

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis