CVE-2018-20753
CRITICAL KEV RANSOMWARE
Kaseya VSA RMM <R9.3.0.35-R9.4.0.36-R9.5.0.5 - Code Injection
Title source: llm
Exploitation Summary
CVE-2018-20753 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added April 13, 2022, with confirmed use in ransomware campaigns.
Description
Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. In January 2018, attackers actively exploited this vulnerability in the wild.
References (3)
Core References
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-20753
Exploit, Third Party Advisory x_refsource_misc
https://blog.huntresslabs.com/deep-dive-kaseya-vsa-mining-payload-c0ac839a0e88
Vendor Advisory x_refsource_misc
https://helpdesk.kaseya.com/hc/en-gb/articles/360000333152
Scores
CVSS v3
9.8
EPSS
0.4793
EPSS Percentile
97.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
yes
Technical Impact
total
Details
CISA KEV
2022-04-13
VulnCheck KEV
2018-01-30
InTheWild.io
2019-10-03
ENISA EUVD
EUVD-2018-13296
Ransomware Use
Confirmed
Status
published
Products (1)
kaseya/virtual_system_administrator
9.3 - 9.3.0.35
Published
Feb 05, 2019
KEV Added
Apr 13, 2022
Tracked Since
Feb 18, 2026