CVE-2017-18362

CRITICAL KEV RANSOMWARE NUCLEI

Kaseya VSA 2017 ConnectWise ManagedITSync - Remote Code Execution

Title source: nuclei

Description

ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers actively exploited this in the wild to download and execute ransomware payloads on all endpoints managed by the VSA server. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page can run arbitrary SQL queries, both read and write, without authentication.

Nuclei Templates (1)

Kaseya VSA 2017 ConnectWise ManagedITSync - Remote Code Execution
CRITICAL by pussycat0x

Scores

CVSS v3 9.8
EPSS 0.8030
EPSS Percentile 99.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-05-24
VulnCheck KEV 2019-02-08
InTheWild.io 2019-02-22
ENISA EUVD EUVD-2017-9480
Ransomware Use Confirmed
CWE CWE-89
Status published
Products (1)
connectwise/manageditsync < 2017
Published Feb 05, 2019
KEV Added May 24, 2022
Tracked Since Feb 18, 2026