PT-2021-18609 · Kaseya · Kaseya VSA

Author: Frank Breedijk (+1)
Published: 2021-07-09
Updated: 2025-10-11
CVE: CVE-2021-30118
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Kaseya VSA Unified Remote Monitoring & Management (RMM) version 9.5.4.2149

Description: The issue allows an attacker to upload files with arbitrary content to any location the web server has write access to, including the webroot, due to an unauthenticated arbitrary file upload vulnerability in the /SystemTab/uploader.aspx API endpoint. This can lead to remote code execution (RCE), as the attacker can upload files containing code, such as ASPX code, to the webroot and then execute this code in the context of the web server. The qqfile parameter controls the name of the file written, and the PathData parameter controls the location of the file written. Although a sessionId cookie is required, it is not validated, so any numeric value is accepted as valid. This vulnerability can result in a full system compromise, breaching the integrity, confidentiality, or availability of the system, or stealing credentials of other users.

Recommendations: For Kaseya VSA Unified Remote Monitoring & Management (RMM) version 9.5.4.2149, update to version 9.5.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the /SystemTab/uploader.aspx API endpoint to minimize the risk of exploitation. Additionally, restrict the web server's write access to sensitive locations on the hard drive to limit potential damage.
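A defender-side triage check, added here as an example and not part of the original advisory or of Kaseya's code: it scans IIS W3C log lines for requests to /SystemTab/uploader.aspx whose PathData points outside the upload directory or whose qqfile carries an extension ASP.NET would execute. It assumes both parameters are visible in the logged query string and that the field order matches the constructed #Fields line; the upload directory name and the log lines themselves are made up.

```python
import os
import re
from urllib.parse import parse_qs

# Constructed IIS W3C log excerpt (sample data, not from a real host); field order as in the #Fields line.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip sc-status
2021-07-02 14:05:11 10.0.0.5 POST /SystemTab/uploader.aspx PathData=Temp%5CUploads&qqfile=report.pdf 443 - 10.0.0.9 200
2021-07-02 14:05:13 10.0.0.5 POST /SystemTab/uploader.aspx PathData=..%5C..%5Cweb%5C&qqfile=page.aspx 443 - 203.0.113.7 200
2021-07-02 14:05:20 10.0.0.5 GET /SystemTab/uploader.aspx - 443 - 203.0.113.7 200
2021-07-02 14:05:25 10.0.0.5 POST /SystemTab/uploader.aspx PathData=Temp%5CUploads&qqfile=notes.aspx 443 - 10.0.0.9 200
"""

UPLOADER_STEM = "/systemtab/uploader.aspx"
# Extensions IIS hands to the ASP.NET engine; a legitimate document upload should never need them.
SERVER_EXECUTABLE = {".aspx", ".asp", ".ashx", ".asmx", ".asax", ".config"}
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
ABSOLUTE = re.compile(r"^([A-Za-z]:|[\\/])")
FIELDS = ["date", "time", "s_ip", "method", "stem", "query", "port", "user", "c_ip", "status"]


def parse_line(line):
    """Split one W3C log line into a dict; directive lines and malformed lines yield None."""
    if line.startswith("#"):
        return None
    parts = line.split(" ")
    return dict(zip(FIELDS, parts)) if len(parts) == len(FIELDS) else None


def analyze(log_text):
    """Return one finding per suspicious uploader.aspx request found in the log text."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["stem"].lower() != UPLOADER_STEM:
            continue
        query = parse_qs("" if rec["query"] == "-" else rec["query"], keep_blank_values=True)
        path_data = query.get("PathData", [""])[0]  # parse_qs percent-decodes the value
        qqfile = query.get("qqfile", [""])[0]
        reasons = []
        if TRAVERSAL.search(path_data) or ABSOLUTE.match(path_data):
            reasons.append("PathData escapes the upload directory")
        ext = os.path.splitext(qqfile)[1].lower()
        if ext in SERVER_EXECUTABLE:
            reasons.append(f"qqfile has server-executable extension {ext}")
        if reasons:
            findings.append({"time": f"{rec['date']} {rec['time']}", "client": rec["c_ip"],
                             "path_data": path_data, "qqfile": qqfile, "reasons": reasons})
    return findings
```

Because the endpoint accepts any numeric sessionId, every hit on it from an unexpected client address is worth reviewing even when neither heuristic fires; the two reasons above only rank the most urgent ones.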

Tags: Exploit · Fix · RCE · Unrestricted File Upload

Weakness Enumeration

Related Identifiers: CVE-2021-30118

Affected Products: Kaseya VSA