← back
CVE-2018-20753

CVE-2018-20753

CVSS 9.8 CRITICALEPSS 29.6%● KEV
In short

Kaseya VSA, a remote management tool, allowed attackers to run malicious PowerShell commands on all computers managed by the system without needing special permissions. This was actively exploited by criminals in January 2018.

Technical detail

Unauthenticated remote attackers could execute arbitrary PowerShell payloads on all managed endpoints through Kaseya VSA versions prior to R9.3 9.3.0.35, R9.4 9.4.0.36, and R9.5 9.5.0.5. The vulnerability required no authentication or user interaction and had widespread impact across managed device networks.

Summary generated and translated by AI from the official description.
Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. In January 2018, attackers actively exploited this vulnerability in the wild.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://blog.huntresslabs.com/deep-dive-kaseya-vsa-mining-payload-c0ac839a0e88https://helpdesk.kaseya.com/hc/en-gb/articles/360000333152https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-20753