CVE-2015-2862

Kaseya Virtual System Administrator 7.x < 7.0.0.29, 8.x < 8.0.0.18, 9.0 < 9.0.0.14, 9.1 < 9.1.0.4 - Authenticated Path Traversal


Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-2862.

AI-analyzed exploit summary: The document details two vulnerabilities in Kaseya Virtual System Administrator: an authenticated arbitrary file download (CVE-2015-2862) via path traversal in Downloader.ashx and an unauthenticated open redirect (CVE-2015-2863) in supportLoad.asp and LocalProxy.ashx. It includes technical details, affected versions, and mitigation steps.

Description

Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote authenticated users to read arbitrary files via a crafted HTTP request.

Exploits (1)

exploitdb WRITEUP
webapps, windows
https://www.exploit-db.com/exploits/37621

Classification: Writeup 100%
Attack Type: Info Leak | Other
Complexity: Trivial
Reliability: Reliable
Target: Kaseya Virtual System Administrator (v7 to v9.1)
Auth required
Prerequisites: Valid login credentials for CVE-2015-2862 · Network access to the target
devstral-2 · analyzed Feb 19, 2026

References (1)

Core References
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/919604

Scores

EPSS 0.0948
EPSS Percentile 94.8%

Details

CWE: CWE-22
Status: published
Products (1): kaseya/virtual_system_administrator 7.0 - 7.0.0.29
Published: Jul 20, 2015
Tracked Since: Feb 18, 2026