
CERT Coordination Center

Kaseya Virtual System Administrator contains multiple vulnerabilities

Vulnerability Note VU#919604

Original Release Date: 2015-07-13 | Last Revised: 2015-07-13

Overview

Kaseya Virtual System Administrator (VSA), versions R9 and possibly earlier, contains arbitrary file download and open redirect vulnerabilities.

Description

CWE-22: Improper Limitation of Pathname to a Restricted Directory ('Path Traversal') - CVE-2015-2862

Kaseya VSA is an IT management platform with a help desk ticketing system. An authenticated attacker can traverse directories and download arbitrary files by submitting a specially crafted HTTP request to the server hosting the VSA software.

CWE-601: URL Redirection to Untrusted Site ('Open Redirect') - CVE-2015-2863

Kaseya VSA, versions V7.x, R8.x and R9.x, contains an open redirect vulnerability. An attacker may be able to leverage users' trust in the domain to induce them to visit a site with malicious content.

The CVSS score below refers to CVE-2015-2862.
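The two weakness classes above (CWE-22 and CWE-601) are both instances of user-controlled input crossing a trust boundary: a file name that is joined to a server directory, and a return URL that is handed to a redirect. The following is an added illustration of the server-side checks that close each class; it is not Kaseya code and makes no claim about how VSA implements either feature. The download root, the host allow-list and the sample request values are constructed for the example.

```python
import os
import posixpath
import re
from urllib.parse import urlsplit


class UnsafeRequest(ValueError):
    """Raised when user-controlled input would cross a trust boundary."""


def resolve_download_path(base_dir: str, requested: str) -> str:
    """Map a user-supplied file name onto base_dir and return the absolute
    path, refusing anything that resolves outside base_dir (CWE-22).

    Both '/' and '\\' are treated as separators because a Windows-hosted
    server accepts either. The containment check runs on the fully resolved
    path, not on the raw string, so nested or decoded '..' cannot slip by.
    """
    if not requested or "\x00" in requested:
        raise UnsafeRequest("empty name or NUL byte in name")
    cleaned = requested.replace("\\", "/")
    if posixpath.isabs(cleaned) or re.match(r"^[A-Za-z]:", cleaned):
        raise UnsafeRequest("absolute paths are not allowed")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, *cleaned.split("/")))
    # commonpath rather than startswith: 'attachments-old' next to
    # 'attachments' must not be mistaken for a child of 'attachments'.
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise UnsafeRequest(f"{requested!r} resolves outside the download root")
    return candidate


def is_safe_download(base_dir: str, requested: str) -> bool:
    """Boolean convenience wrapper around resolve_download_path."""
    try:
        resolve_download_path(base_dir, requested)
        return True
    except UnsafeRequest:
        return False


def safe_redirect_target(target: str, allowed_hosts: frozenset, default: str = "/") -> str:
    """Return target only if it points back at this application; otherwise
    return default (CWE-601).

    Accepted: a path starting with a single '/', or an http(s) URL whose
    host is on the allow-list. Other schemes, protocol-relative '//host',
    backslashes, user@host confusion and control characters all fall back.
    """
    if not target:
        return default
    if "\\" in target or any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        return default
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        # .hostname strips userinfo and port, so 'https://good@evil/' -> 'evil'
        if parts.scheme in ("http", "https") and parts.hostname in allowed_hosts:
            return target
        return default
    if target.startswith("/") and not target.startswith("//"):
        return target
    return default


if __name__ == "__main__":
    ROOT = "/opt/example-vsa/attachments"    # constructed download root
    HOSTS = frozenset({"vsa.example.com"})   # constructed allow-list
    for name in ("reports/q1.pdf", "..\\..\\windows\\win.ini", "../attachments-old/x"):
        try:
            print(name, "->", resolve_download_path(ROOT, name))
        except UnsafeRequest as exc:
            print(name, "-> rejected:", exc)
    for url in ("/dashboard", "//evil.example/", "https://vsa.example.com/login"):
        print(url, "->", safe_redirect_target(url, HOSTS))
```

The first check never trusts a string comparison on the request: it resolves the path and then asks whether the result is still inside the root. The second treats the redirect parameter as a choice between "same site" and "fall back to a safe default" rather than trying to enumerate bad inputs.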

Impact

A remote, authenticated attacker can download arbitrary files. A remote, unauthenticated attacker may be able to redirect users to arbitrary web sites.

Solution

Apply an update

The vendor has released the following patches to address these issues:

    • R9.1: install patch 9.1.0.4
    • R9.0: install patch 9.0.0.14
    • R8.0: install patch 8.0.0.18
    • V7.0: install patch 7.0.0.29

Vendor Information

Kaseya, Inc.

Status: Unknown

Notified: April 27, 2015 | Updated: April 27, 2015

Vendor Statement

We have not received a statement from the vendor.

Vendor References


CVSS Metrics

Group          Score  Vector
Base           4.3    AV:N/AC:M/Au:N/C:N/I:P/A:N
Temporal       3.4    E:POC/RL:OF/RC:C
Environmental  2.5    CDP:N/TD:M/CR:ND/IR:ND/AR:ND

References

Acknowledgements

Thanks to Pedro Ribeiro (pedrib@gmail.com) of Agile Information Security for reporting these vulnerabilities.

This document was written by Joel Land.

Other Information

CVE IDs: CVE-2015-2862, CVE-2015-2863
Date Public: 2015-07-13
Date First Published: 2015-07-13
Date Last Updated: 2015-07-13 17:05 UTC
Document Revision: 13

Sponsored by CISA.