CVE-2015-6922

CRITICAL

Kaseya Virtual System Administrator < 7.0.0.33 - Authentication Bypass

Title source: rule

Description

Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 does not properly require authentication, which allows remote attackers to bypass authentication and (1) add an administrative account via a crafted request to LocalAuth/setAccount.aspx or (2) write to and execute arbitrary files via a full pathname in the PathData parameter to ConfigTab/uploader.aspx.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/38401
exploitdb WORKING POC VERIFIED
by Pedro Ribeiro · text · webapps · asp
https://www.exploit-db.com/exploits/38351
metasploit WORKING POC
ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/kaseya_master_admin.rb
metasploit WORKING POC EXCELLENT
ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/kaseya_uploader.rb

Scores

CVSS v3 9.8
EPSS 0.7780
EPSS Percentile 99.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-287
Status published
Products (1)
kaseya/virtual_system_administrator 7.0.0.0 - 7.0.0.33
Published Feb 17, 2020
Tracked Since Feb 18, 2026