PT-2019-6222 · Kaseya · Kaseya Vsa

Published: 2019-02-05 · Updated: 2025-01-22 · CVE-2017-18362

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Kaseya VSA versions through 2017

Description

The issue allows unauthenticated remote commands, providing full direct access to the Kaseya VSA database. Attackers have exploited this in the wild to download and execute ransomware payloads on all endpoints managed by the VSA server. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page can run arbitrary SQL queries, both read and write, without authentication.

Recommendations

For versions through 2017, as a temporary workaround, consider restricting access to the ManagedIT.asmx page to minimize the risk of exploitation. Avoid using the Kaseya VSA web interface to run SQL queries until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2022-04187
CVE-2017-18362

Affected Products

Kaseya Vsa