This PowerShell script exploits a privilege escalation vulnerability in Kaseya VSA agent <= 9.5 by monitoring the default working directory for script files and appending malicious code to them before execution, leveraging excessive permissions granted to low-privileged users.
Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target:Kaseya VSA agent <= 9.5
Auth required
Prerequisites:Authenticated access to the system · Kaseya VSA agent installed and running · Default folder permissions on C:\kworking