CVE-2018-20753

CRITICAL KEV RANSOMWARE

Kaseya VSA RMM <R9.3.0.35-R9.4.0.36-R9.5.0.5 - Code Injection

Description

Kaseya VSA RMM R9.3 before 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. In January 2018, attackers actively exploited this vulnerability in the wild.

Scores

CVSS v3 9.8
EPSS 0.3771
EPSS Percentile 97.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-04-13
VulnCheck KEV 2018-01-30
InTheWild.io 2019-10-03
ENISA EUVD EUVD-2018-13296
Ransomware Use Confirmed
Status published
Products (1)
kaseya/virtual_system_administrator 9.3 - 9.3.0.35
Published Feb 05, 2019
KEV Added Apr 13, 2022
Tracked Since Feb 18, 2026