Kaseya Issues Patches for Two New 0-Day Flaws Affecting Unitrends Servers

News

U.S. technology firm Kaseya has released security patches to address two zero-day vulnerabilities affecting its Unitrends enterprise backup and continuity solution that could result in privilege escalation and authenticated remote code execution.

The two weaknesses are part of a trio of vulnerabilities discovered and reported by researchers at the Dutch Institute for Vulnerability Disclosure (DIVD) on July 3, 2021.

Stack Overflow Teams

The IT infrastructure management solution provider has addressed the issues in server software version 10.5.5-2 released on August 12, DIVD said. An as-yet-undisclosed client-side vulnerability in Kaseya Unitrends remains unpatched, but the company has published firewall rules that can be applied to filter traffic to and from the client and mitigate any risk associated with the flaw. As an additional precaution, it’s recommended not to leave the servers accessible over the internet.

Although specifics related to the vulnerabilities are sparse, the shortcomings concern an authenticated remote code execution vulnerability as well as a privilege escalation flaw from read-only user to admin on Unitrends servers, both of which hinge on the possibility that an attacker has already gained an initial foothold on a target’s network, making them more difficult to exploit.

Prevent Data Breaches

The disclosure comes close to two months after the company suffered a crippling ransomware strike on its VSA on-premises product, leading to the mysterious shutdown of REvil cybercrime syndicate in the following weeks. Kaseya has since shipped fixes for the zero-days that were exploited to gain access to the on-premise servers, and late last month, said it obtained a universal decryptor “to remediate customers impacted by the incident.”

Products You May Like

Articles You May Like

Thai Officials Targeted in Yokai Backdoor Campaign Using DLL Side-Loading Techniques
HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft
Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware
Akira and RansomHub Surge as Ransomware Claims Reach All-Time High
Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware

Leave a Reply

Your email address will not be published. Required fields are marked *