CVE-2015-6922

Name of the Vulnerable Software and Affected Versions Kaseya Virtual System Administrator (VSA) versions 7.x through 7.0.0.32 Kaseya Virtual System Administrator (VSA) versions 8.x through 8.0.0.22 Kaseya Virtual System Administrator (VSA) versions 9.0 through 9.0.0.18 Kaseya Virtual System Administrator (VSA) versions 9.1 through 9.1.0.8

Description The issue allows remote attackers to bypass authentication. This can be achieved by sending a crafted request to "LocalAuth/setAccount.aspx" to add an administrative account, or by writing to and executing arbitrary files via a full pathname in the PathData parameter to "ConfigTab/uploader.aspx".

Recommendations For versions 7.x through 7.0.0.32, update to version 7.0.0.33 or later. For versions 8.x through 8.0.0.22, update to version 8.0.0.23 or later. For versions 9.0 through 9.0.0.18, update to version 9.0.0.19 or later. For versions 9.1 through 9.1.0.8, update to version 9.1.0.9 or later.