CVE-2017-18362

CRITICALCISA KEV

9.8

Beschreibung

ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to download and execute ransomware payloads on all endpoints managed by the VSA server. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run arbitrary SQL queries, both read and write, without authentication.

CVE Details

CVSS v3.1 Bewertung9.8

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht2/5/2019

Zuletzt geandert11/5/2025

Quellekev

Honeypot-Sichtungen0

CISA KEV

HerstellerKaseya

ProduktVirtual System/Server Administrator (VSA)

SchwachstellennameKaseya VSA SQL Injection Vulnerability

KEV Aufnahmedatum2022-05-24

Behebungsfrist2022-06-14

Ransomware-NutzungKnown

Betroffene Produkte

connectwise:manageditsync

Schwachen (CWE)

CWE-89CWE-89

Referenzen

http://archive.today/rdkeQ(cve@mitre.org)

https://github.com/kbni/owlky(cve@mitre.org)

https://webcache.googleusercontent.com/search?q=cache:ZEo8ZRF_iEIJ:https://helpdesk.kaseya.com/hc/en-gb/articles/360022495572-Connectwise-API-Vulnerability+(cve@mitre.org)

http://archive.today/rdkeQ(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/kbni/owlky(af854a3a-2127-422b-91ae-364da2661108)

https://webcache.googleusercontent.com/search?q=cache:ZEo8ZRF_iEIJ:https://helpdesk.kaseya.com/hc/en-gb/articles/360022495572-Connectwise-API-Vulnerability+(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-18362(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.