12 July 2021

Kaseya patches VSA zero-day flaws used in REvil ransomware attack


US technology firm Kaseya issued a security update that addresses several critical vulnerabilities in its Virtual System Administrator (VSA) tool, which was used by the REvil hackers in the widespread ransomware attack that affected up to 1,500 businesses across the globe.

Following the attack, the company advised its customers to shut down their on-premise VSA servers until a patch was available and released a tool called the “Compromise Detection Tool” to help customers identify if their servers were compromised during the attack.

On Sunday, the company released VSA version 9.5.7a (9.5.7.2994), which fixes three security vulnerabilities, namely CVE-2021-30116 (credentials leak and business logic flaw), CVE-2021-30119 (cross-site scripting vulnerability), and CVE-2021-30120 (2FA bypass).

The above flaws are part of a set of seven vulnerabilities reported to Kaseya by the Dutch Institute for Vulnerability Disclosure (DIVD) in April this year, with four issues addressed in previous releases:

CVE-2021-30117 - SQL injection vulnerability (Fixed in VSA 9.5.6)

CVE-2021-30118 - Remote code execution vulnerability (Fixed in VSA 9.5.5)

CVE-2021-30121 - Local file inclusion vulnerability (Fixed in VSA 9.5.6)

CVE-2021-30201 - XML external entity vulnerability (Fixed in VSA 9.5.6).

The company has also fixed a number of other bugs, including an issue where the secure flag was not being used for User Portal session cookies; an issue where certain API responses would contain a password hash, potentially exposing any weak passwords to brute force attack; and a vulnerability that could allow the unauthorized upload of files to the VSA server.

