Researchers warn of unpatched vulnerabilities in Kaseya Unitrends

Written by Emma Davis

The Dutch Vulnerability Disclosure Institute (DIVD) said it identified three 0-day vulnerabilities in the Kaseya Unitrends backup product.

Kaseya Unitrends is a cloud-based enterprise backup and disaster recovery solution offered as a standalone product or as an add-on to the Kaseya VSA platform.

DIVD chairman Victor Gevers told Bleeping Computer that the issues had been reported to 68 government CERTs, but one recipient uploaded the data to an analytics web platform, where it became available to anyone with access to the service.

As a result, DIVD representatives decided to publicly report bugs found in Kaseya Unitrends (in versions up to 10.5.2).

The unpatched vulnerabilities are remote code execution (after authentication), privilege escalation (after authentication), and remote code execution (no authentication) on the client side. The researchers advise temporarily isolating the service and its clients (especially those running on the default ports 80, 443, 1743, 1745) from the Internet.

"Do not open this service or clients directly to the Internet until Kaseya fixes these vulnerabilities. Vulnerabilities affecting the Kaseya Unitrends backup service include a combination of authenticated remote code execution, authenticated elevation of privilege, and remote code execution without client-side authentication," the DIVD message says.
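One way to check a perimeter against the isolation advice above, as an added example that is not from DIVD or Kaseya: it flags allow rules that expose the four default ports to sources outside internal address space. The rule format, host names and the list of internal ranges are assumptions, and the sample rules are constructed.

```python
import ipaddress

# Default ports named in the advisory text above.
UNITRENDS_PORTS = {80, 443, 1743, 1745}

# Assumption: address ranges treated as internal (RFC 1918, loopback, IPv6 ULA).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "fc00::/7")]

# Constructed sample ingress rules in a hypothetical, vendor-neutral format.
SAMPLE_RULES = [
    {"id": "r1", "action": "allow", "source": "0.0.0.0/0", "dest": "backup-01", "ports": "443"},
    {"id": "r2", "action": "allow", "source": "10.20.0.0/16", "dest": "backup-01", "ports": "1743-1745"},
    {"id": "r3", "action": "allow", "source": "203.0.113.0/24", "dest": "client-07", "ports": "1000-2000"},
    {"id": "r4", "action": "deny", "source": "0.0.0.0/0", "dest": "client-07", "ports": "1745"},
    {"id": "r5", "action": "allow", "source": "::/0", "dest": "backup-01", "ports": "22,80"},
]

def parse_ports(spec):
    """Expand a spec such as '22,80' or '1743-1745' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def is_internet_source(cidr):
    """True unless the source range lies entirely inside one INTERNAL range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(net.version == i.version and net.subnet_of(i) for i in INTERNAL)

def exposed_rules(rules, watched=UNITRENDS_PORTS):
    """Return (rule id, dest, exposed ports) for each externally reachable allow rule.

    Each rule is judged on its own; rule ordering and first-match semantics are ignored.
    """
    findings = []
    for rule in rules:
        if rule["action"] != "allow" or not is_internet_source(rule["source"]):
            continue
        hit = parse_ports(rule["ports"]) & watched
        if hit:
            findings.append((rule["id"], rule["dest"], sorted(hit)))
    return findings

if __name__ == "__main__":
    for rule_id, dest, ports in exposed_rules(SAMPLE_RULES):
        print(f"{rule_id}: {dest} reachable from outside on {ports}")
```

Rule r3 shows why port ranges need expanding: a wide range that never names 1743 or 1745 still exposes both.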

Fortunately, these problems are much more difficult to exploit than the RCE vulnerability in Kaseya VSA, which was recently exploited by the REvil ransomware operators.

In the case of Kaseya Unitrends, an attacker would need to hijack or create a valid user account in order to remotely execute code or escalate privileges. Exploiting the unauthenticated RCE in the client requires prior access to the company's network.

Gevers says the number of vulnerable Kaseya Unitrends installations available online is small, but they have been found in critical industries.

Let me remind you that we also reported that the Kaseya company has a decryptor for the REvil ransomware.
