← Back to CVEs

CVE-2018-20753

CRITICALCISA KEV

9.8

Description

Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. In January 2018, attackers actively exploited this vulnerability in the wild.

CVE Details

CVSS v3.1 Score9.8

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published2/5/2019

Last Modified11/7/2025

Sourcekev

Honeypot Sightings0

CISA KEV

VendorKaseya

ProductVirtual System/Server Administrator (VSA)

Vulnerability NameKaseya VSA Remote Code Execution Vulnerability

KEV Date Added2022-04-13

Remediation Due Date2022-05-04

Ransomware UseKnown

Affected Products

kaseya:virtual_system_administrator

References

https://blog.huntresslabs.com/deep-dive-kaseya-vsa-mining-payload-c0ac839a0e88(cve@mitre.org)

https://helpdesk.kaseya.com/hc/en-gb/articles/360000333152(cve@mitre.org)

https://blog.huntresslabs.com/deep-dive-kaseya-vsa-mining-payload-c0ac839a0e88(af854a3a-2127-422b-91ae-364da2661108)

https://helpdesk.kaseya.com/hc/en-gb/articles/360000333152(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-20753(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.