CVE-2017-18362
In short
The ConnectWise ManagedITSync integration in Kaseya VSA allowed attackers to run any SQL command directly on the database without logging in, giving them complete control over the system and all computers managed by it.
Technical detail
An unauthenticated SQL injection vulnerability in the ManagedIT.asmx endpoint (CWE-89) permits direct database access via arbitrary SQL queries without authentication. Remote attackers can read and write database contents, enabling full system compromise and lateral movement to all managed endpoints. This was actively exploited in February 2019 for ransomware deployment.
Summary generated and translated by AI from the official description.
ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to download and execute ransomware payloads on all endpoints managed by the VSA server. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run arbitrary SQL queries, both read and write, without authentication.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
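One way to check whether the ManagedIT.asmx page described above has been requested on a VSA web server: the added example below (not part of the advisory or any vendor tooling) parses IIS W3C-format log lines and lists which clients requested the page and what status they received. The log layout, the `/example/` directory, and the IP addresses are constructed assumptions.

```python
import collections

# Constructed sample in IIS W3C extended format (not real traffic;
# client IPs are from documentation ranges, the directory is a placeholder).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2019-02-05 10:01:02 10.0.0.5 GET /example/ManagedIT.asmx - 443 - 203.0.113.7 curl/7.58 200
2019-02-05 10:01:09 10.0.0.5 POST /example/managedit.ASMX - 443 - 203.0.113.7 curl/7.58 200
2019-02-05 10:02:00 10.0.0.5 GET /index.html - 443 - 198.51.100.9 Mozilla/5.0 200
2019-02-05 10:03:00 10.0.0.5 POST /example/ManagedIT.asmx - 443 - 198.51.100.9 Mozilla/5.0 404
"""

TARGET = "managedit.asmx"  # page name from the advisory; its directory is deployment-specific


def find_hits(lines):
    """Yield one dict per request whose URI stem ends in the target page."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # layout can change mid-file, so re-read it
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # truncated or malformed row
        row = dict(zip(fields, values))
        # IIS paths are case-insensitive, so compare in lower case.
        if row.get("cs-uri-stem", "").lower().endswith("/" + TARGET):
            yield row


def summarize(lines):
    """Map client IP -> {(method, status): count} for requests to the page."""
    summary = collections.defaultdict(collections.Counter)
    for row in find_hits(lines):
        key = (row.get("cs-method"), row.get("sc-status"))
        summary[row.get("c-ip", "?")][key] += 1
    return {ip: dict(counts) for ip, counts in summary.items()}


if __name__ == "__main__":
    for ip, counts in summarize(SAMPLE_LOG.splitlines()).items():
        for (method, status), n in sorted(counts.items()):
            print(f"{ip} {method} {status} x{n}")
```

A 200 status for any client means the server served the page to that client, which is the exposure condition the description names.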
Affected products
n/a · n/a
References
http://archive.today/rdkeQ
https://github.com/kbni/owlky
https://webcache.googleusercontent.com/search?q=cache:ZEo8ZRF_iEIJ:https://helpdesk.kaseya.com/hc/en-gb/articles/360022495572-Connectwise-API-Vulnerability+
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-18362