
Researchers at DIVD (the Dutch Institute for Vulnerability Disclosure) issued a TLP:AMBER warning about three unpatched vulnerabilities in the Kaseya Unitrends backup product.

DIVD chairman Victor Gevers told BleepingComputer that the advisory was originally shared with 68 government CERTs under coordinated disclosure.

However, one of the recipients uploaded the advisory to an online analysis platform, where it became visible to everyone with access to that service.

Two days later, an Information Sharing and Analysis Center alerted us that one of the GovCERTs had forwarded the email to an organization’s service desk operating in the Financial Services in that country.

An employee uploaded the TLP:AMBER labeled advisory directly to an online analyzing platform and shared its content with all participants of that platform; because we do not have an account on that platform, we immediately requested removal of this file.

Source

Kaseya Unitrends Vulnerabilities Explained

The advisory that DIVD issued, now public, warns of zero-day vulnerabilities discovered in Kaseya Unitrends versions earlier than 10.5.2.

Do not expose this service or the clients (running by default on ports 80, 443, 1743, 1745) directly to the internet until Kaseya has patched these vulnerabilities.

Source

The Kaseya Unitrends vulnerabilities affect the backup service and are a mix of authenticated remote code execution, authenticated privilege escalation, and unauthenticated remote code execution on the client side. Fortunately, they are harder to exploit than the Kaseya VSA zero-days used in the July 2nd REvil ransomware attack.

To exploit the server-side flaws, a threat actor would need a valid user account on a publicly exposed Kaseya Unitrends service in order to perform remote code execution or privilege escalation.

According to BleepingComputer, DIVD will try to inform the owners of vulnerable systems so that they can take them offline until a patch is released.
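As an added example (not code from DIVD, Kaseya, or this article), here is a small Python check a defender could run on a Linux host to act on the two facts the advisory gives: it flags Unitrends releases earlier than 10.5.2, and it reads `ss -ltn` output to find listeners on the advisory's four ports that are bound to a wildcard address rather than loopback. The `ss` sample below is constructed, and the assumption that the appliance is a Linux host with `ss` available is mine.

```python
import re
from typing import List, Tuple

# Ports the DIVD advisory names for the Kaseya Unitrends service and clients.
UNITRENDS_PORTS = {80, 443, 1743, 1745}
# First release the advisory describes as not affected.
FIXED_VERSION = (10, 5, 2)


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '10.4.7' into (10, 4, 7) so versions compare numerically."""
    return tuple(int(p) for p in v.strip().split("."))


def is_vulnerable_version(v: str) -> bool:
    """True for any Unitrends release earlier than 10.5.2."""
    return parse_version(v) < FIXED_VERSION


def exposed_unitrends_listeners(ss_output: str) -> List[Tuple[str, int]]:
    """Return (bind_address, port) pairs from `ss -ltn` output where a
    Unitrends port is bound to a wildcard address (0.0.0.0, [::] or *),
    i.e. reachable on every interface, not only on loopback."""
    exposed = []
    for line in ss_output.splitlines()[1:]:      # skip the header row
        cols = line.split()
        if len(cols) < 5:
            continue
        addr, _, port = cols[3].rpartition(":")  # "Local Address:Port" column
        if not port.isdigit():
            continue
        if int(port) in UNITRENDS_PORTS and addr in ("0.0.0.0", "[::]", "*"):
            exposed.append((addr, int(port)))
    return exposed


# Constructed sample of `ss -ltn` output; not captured from a real appliance.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    127.0.0.1:5432      0.0.0.0:*
LISTEN 0      511    0.0.0.0:443         0.0.0.0:*
LISTEN 0      511    [::]:80             [::]:*
LISTEN 0      128    127.0.0.1:1743      0.0.0.0:*
LISTEN 0      128    0.0.0.0:1745        0.0.0.0:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
"""

if __name__ == "__main__":
    for v in ("10.4.9", "10.5.2", "10.6.0"):
        print(v, "vulnerable" if is_vulnerable_version(v) else "fixed")
    for addr, port in exposed_unitrends_listeners(SAMPLE_SS):
        print(f"Unitrends port {port} bound to {addr}: keep it off the internet")
```

A wildcard bind only means the port is reachable on all local interfaces; whether it is actually internet-facing still depends on the firewall and NAT in front of the host, so treat the hits as a list to verify, not a final verdict.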
