CVE-2017-18362

CRITICALCISA KEV

9.8

Description

ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to download and execute ransomware payloads on all endpoints managed by the VSA server. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run arbitrary SQL queries, both read and write, without authentication.

CVE Details

CVSS v3.1 Score9.8

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published2/5/2019

Last Modified11/5/2025

Sourcekev

Honeypot Sightings0

CISA KEV

VendorKaseya

ProductVirtual System/Server Administrator (VSA)

Vulnerability NameKaseya VSA SQL Injection Vulnerability

KEV Date Added2022-05-24

Remediation Due Date2022-06-14

Ransomware UseKnown

Affected Products

connectwise:manageditsync

Weaknesses (CWE)

CWE-89CWE-89

References

http://archive.today/rdkeQ(cve@mitre.org)

https://github.com/kbni/owlky(cve@mitre.org)

https://webcache.googleusercontent.com/search?q=cache:ZEo8ZRF_iEIJ:https://helpdesk.kaseya.com/hc/en-gb/articles/360022495572-Connectwise-API-Vulnerability+(cve@mitre.org)

http://archive.today/rdkeQ(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/kbni/owlky(af854a3a-2127-422b-91ae-364da2661108)

https://webcache.googleusercontent.com/search?q=cache:ZEo8ZRF_iEIJ:https://helpdesk.kaseya.com/hc/en-gb/articles/360022495572-Connectwise-API-Vulnerability+(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-18362(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.