CVE-2015-6589

Name of the Vulnerable Software and Affected Versions Kaseya Virtual System Administrator versions 7.0.0.0 through 7.0.0.32 Kaseya Virtual System Administrator versions 8.0.0.0 through 8.0.0.22 Kaseya Virtual System Administrator versions 9.0.0.0 through 9.0.0.18 Kaseya Virtual System Administrator versions 9.1.0.0 through 9.1.0.8

Description The issue allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file paths to "json.ashx". This can lead to remote code execution.

Recommendations For versions 7.0.0.0 through 7.0.0.32, update to version 7.0.0.33 or later. For versions 8.0.0.0 through 8.0.0.22, update to version 8.0.0.23 or later. For versions 9.0.0.0 through 9.0.0.18, update to version 9.0.0.19 or later. For versions 9.1.0.0 through 9.1.0.8, update to version 9.1.0.9 or later. As a temporary workaround, consider restricting access to the "json.ashx" endpoint until a patch is applied.