
Kaseya Virtual System Administrator contains multiple vulnerabilities

2015-07-1300:00:00
www.kb.cert.org
CVSS2: 4.3 Medium (AV:N/AC:M/Au:N/C:N/I:P/A:N)
  Attack Vector: NETWORK
  Attack Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: PARTIAL
  Availability Impact: NONE

EPSS: 0.006 Low (percentile 79.1%)

Overview

Kaseya Virtual System Administrator (VSA), versions R9 and possibly earlier, contains arbitrary file download and open redirect vulnerabilities.

Description

CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) - CVE-2015-2862

Kaseya VSA is an IT management platform with a help desk ticketing system. An authenticated attacker can traverse directories and download arbitrary files by submitting a specially crafted HTTP request to the server hosting the VSA software.

CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’) - CVE-2015-2863

Kaseya VSA, versions V7.x, R8.x and R9.x, contains an open redirect vulnerability. An attacker may be able to leverage users’ trust in the domain to induce them to visit a site with malicious content.

The CVSS score below refers to CVE-2015-2862.
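As an added example that is not part of the advisory or of Kaseya's own code, the two server-side checks that close the weakness classes named above: canonicalising a client-supplied attachment name before serving the file (CWE-22) and allowlisting redirect targets (CWE-601). The attachment directory, the allowed hostname and the function names are assumptions chosen for illustration.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote, urlsplit

# Constructed example values (not Kaseya's real paths or configuration): the
# attachment directory of a ticketing system and the hosts a redirect may target.
ATTACHMENT_ROOT = "/srv/helpdesk/attachments"
ALLOWED_REDIRECT_HOSTS = {"vsa.example.com"}


def resolve_attachment(requested: str) -> Optional[str]:
    """Map a client-supplied attachment name onto ATTACHMENT_ROOT.

    Returns the resolved path, or None when the request would escape the root
    (CWE-22). The name is percent-decoded twice so that encoded and
    double-encoded '..' sequences are normalised before the containment check.
    """
    decoded = unquote(unquote(requested)).replace("\\", "/")
    # join() drops ATTACHMENT_ROOT when 'decoded' is absolute and normpath()
    # collapses '..', so a prefix test on the result (with trailing '/') suffices.
    candidate = posixpath.normpath(posixpath.join(ATTACHMENT_ROOT, decoded))
    if not candidate.startswith(ATTACHMENT_ROOT + "/"):
        return None
    return candidate


def safe_redirect_target(target: str, default: str = "/") -> str:
    """Return 'target' only if it stays on an allowed host (CWE-601), else 'default'.

    Backslashes are folded to '/' because browsers treat '/\\host' like '//host';
    urlsplit() then puts any host, protocol-relative or not, into netloc.
    """
    target = target.strip().replace("\\", "/")
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        if parts.scheme == "https" and parts.hostname in ALLOWED_REDIRECT_HOSTS:
            return target
        return default
    # Site-relative path: require exactly one leading slash.
    if target.startswith("/") and not target.startswith("//"):
        return target
    return default


if __name__ == "__main__":
    for name in ("ticket-1042/invoice.pdf", "../../web.config", "%252e%252e/web.config"):
        print(f"{name!r:30} -> {resolve_attachment(name)}")
    for url in ("/tickets/1042", "//evil.example/", "https://vsa.example.com/x"):
        print(f"{url!r:30} -> {safe_redirect_target(url)}")
```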


Impact

A remote, authenticated attacker can download arbitrary files. A remote, unauthenticated attacker may be able to redirect users to arbitrary web sites.


Solution

Apply an update

The vendor has released the following patches to address these issues:

* R9.1: install patch 9.1.0.4
* R9.0: install patch 9.0.0.14
* R8.0: install patch 8.0.0.18
* V7.0: install patch 7.0.0.29

Vendor Information


Kaseya, Inc. Unknown

Notified: April 27, 2015 Updated: April 27, 2015

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

CVSS Metrics

Group          Score  Vector
Base           4.3    AV:N/AC:M/Au:N/C:N/I:P/A:N
Temporal       3.4    E:POC/RL:OF/RC:C
Environmental  2.5    CDP:N/TD:M/CR:ND/IR:ND/AR:ND

References

Acknowledgements

Thanks to Pedro Ribeiro ([email protected]) of Agile Information Security for reporting these vulnerabilities.

This document was written by Joel Land.

Other Information

CVE IDs: CVE-2015-2862, CVE-2015-2863
Date Public: 2015-07-13 Date First Published: