Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
IT and security management solutions provider Kaseya has recently released security patches to tackle server-side Kaseya Unitrends zero-day bugs discovered by cybersecurity specialists at the Dutch Institute for Vulnerability Disclosure (DIVD).
The two weaknesses included an authenticated remote code execution bug on the server and a privilege escalation vulnerability from read-only user to admin on the server. They were discovered at the beginning of July and immediately disclosed to Kaseya.
On July 14, the security experts started looking the Internet up and down for vulnerable Kaseya Unitrends occurrences in order to alert the owners of the impacted servers to get them offline and wait for a patch release.
On July 26, the DIVD researchers issued a TLP:AMBER alert involving 3 Kaseya Unitrends vulnerabilities that were unpatched in the backup product.
DIVD Chairman Victor Gevers declared for BleepingComputer that the advisory was originally shared with 68 government CERTs under a coordinated disclosure.
According to DIVD, the IT infrastructure management solution provider has tackled the two known flaws in server software version 10.5.5-2 released on August 12, but it’s currently working on a patch to address a (yet) undisclosed vulnerability on the client.
The client side vulnerability is currently unpatched, but Kaseya urges users to mitigate these vulnerabilities via firewall rules as per their best prectices and firewall requirements.
In addition to that, they have released a knowledge base article with steps to mitigate the vulnerability.
Following the security patches release, the American company contacted its customers and advised them to patch the exposed servers and apply mitigations for clients (found in the article they have published).
Unitrends Vulnerabilities Difficult to Exploit
There is also good news. The three flaws are not easy to exploit as the threat actors would be required to have authentic credentials to initiate an RCE attack or escalate privileges on Unitrends servers that are vulnerable on the Internet.
Another obstacle is that the hackers also need to have their victims’ systems breached before successfully taking advantage of the unauthenticated client RCE vulnerability.
DIVD Chairman told BleepingComputer that, despite being discovered on the networks of companies from sensitive sectors, the amount of vulnerable Unitrends occurrences is not very high.
As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.
