Kaseya patches VSA vulnerabilities used in REvil ransomware attack

Jul 11, 2021 10:00 pm Cyber Security 223
Kaseya patches VSA vulnerabilities used in REvil ransomware attack


Kaseya has released a security update for the VSA zero-day vulnerabilities used by the REvil ransomware gang to attack MSPs and their customers.


Kaseya VSA is a remote management and monitoring solution commonly used by managed service providers to support their customers. MSPs can deploy VSA on-premise using their servers or utilize Kaseya's cloud-based SaaS solution.


In April, the Dutch Institute for Vulnerability Disclosure (DIVD) disclosed seven vulnerabilities to Kaseya:


  • CVE-2021-30116 - A credentials leak and business logic flaw, to be included in 9.5.7

  • CVE-2021-30117 - An SQL injection vulnerability, resolved in May 8th patch.

  • CVE-2021-30118 - A Remote Code Execution vulnerability, resolved in April 10th patch. (v9.5.6)

  • CVE-2021-30119 - A Cross Site Scripting vulnerability, to be included in 9.5.7

  • CVE-2021-30120 - 2FA bypass, to be resolved in v9.5.7

  • CVE-2021-30121 - A Local File Inclusion vulnerability, resolved in May 8th patch.

  • CVE-2021-30201 - A XML External Entity vulnerability, resolved in May 8th patch.

    • Kaseya had implement ..

    Support the originator by clicking the read the rest link below.

    kaseya patches vulnerabilities revil ransomware attack
    Read The Rest from the original source
    bleepingcomputer.com

    Related News

    Be in Touch

    All Rights Reserved #1 Source for Cyber Security News, Reports and Threat Intelligence
    Powered By The Internet!!!!