CVE-2019-14510

Name of the Vulnerable Software and Affected Versions Kaseya VSA RMM versions through 9.5.0.22

Description An issue in the default configuration of the LAN Cache feature creates a local account FSAdminxxxxxxxxx on the server and clients assigned to the LAN Cache, adding it to the local Administrators group. On Domain Controllers, this account is created as a domain account and added to the domain BUILTINAdministrators group. An attacker can use Pass-the-Hash techniques with the FSAdminxxxxxxxxx hash from any LAN Cache client to gain administrative rights on any Domain Controller.

Recommendations For versions through 9.5.0.22, consider disabling the LAN Cache feature to prevent the creation of the FSAdminxxxxxxxxx account until a patch is available. Restrict access to the local Administrators group and the domain BUILTINAdministrators group to minimize the risk of exploitation. Avoid using the default configuration of the LAN Cache feature until the issue is resolved.