Home News Kaseya Issues Patches for Two New 0-Day Flaws Affecting Unitrends Servers

    Kaseya Issues Patches for Two New 0-Day Flaws Affecting Unitrends Servers

    8
    0


    Kaseya

    U.S. know-how agency Kaseya has released safety patches to deal with two zero-day vulnerabilities affecting its Unitrends enterprise backup and continuity resolution that might end in privilege escalation and authenticated distant code execution.

    The 2 weaknesses are a part of a trio of vulnerabilities found and reported by researchers on the Dutch Institute for Vulnerability Disclosure (DIVD) on July 3, 2021.

    Stack Overflow Teams

    The IT infrastructure administration resolution supplier has addressed the problems in server software program model 10.5.5-2 launched on August 12, DIVD mentioned. An as-yet-undisclosed client-side vulnerability in Kaseya Unitrends stays unpatched, however the firm has revealed firewall rules that may be utilized to filter site visitors to and from the shopper and mitigate any danger related to the flaw. As a further precaution, it is recommended to not depart the servers accessible over the web.

    Though specifics associated to the vulnerabilities are sparse, the shortcomings concern an authenticated distant code execution vulnerability in addition to a privilege escalation flaw from read-only person to admin on Unitrends servers, each of which hinge on the chance that an attacker has already gained an preliminary foothold on a goal’s community, making them tougher to take advantage of.

    Prevent Data Breaches

    The disclosure comes shut to 2 months after the corporate suffered a crippling ransomware strike on its VSA on-premises product, resulting in the mysterious shutdown of REvil cybercrime syndicate within the following weeks. Kaseya has since shipped fixes for the zero-days that had been exploited to realize entry to the on-premise servers, and late final month, mentioned it obtained a common decryptor “to remediate prospects impacted by the incident.”





    Source link