Vulnerability Note VU#919604
Kaseya Virtual System Administrator contains multiple vulnerabilities
Original Release date: 13 Jul 2015 | Last revised: 13 Jul 2015

Overview
Kaseya Virtual System Administrator (VSA), versions R9 and possibly earlier, contains arbitrary file download and open redirect vulnerabilities.

Description
CWE-22: Improper Limitation of Pathname to a Restricted Directory (‘Path Traversal’) – CVE-2015-2862
Kaseya VSA is an IT management platform with a help desk ticketing system. An authenticated attacker can traverse directories and download arbitrary files by submitting a specially crafted HTTP request to the server hosting the VSA software.
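The following is an added example and is not code from this advisory or from Kaseya: it shows the generic mitigation and detection a defender would want for the CWE-22 issue described above. The attachment root, the `/helpdesk/download` endpoint and the log lines are all constructed for the demo; the advisory does not name the vulnerable handler.

```python
import os
import re
from urllib.parse import unquote

# Hypothetical attachment root for a help-desk file download handler; this is a
# constructed example path, not a Kaseya VSA install path.
ATTACHMENT_ROOT = "/srv/vsa/attachments"


def resolve_download(base_dir, requested):
    """Map a client-supplied file name onto base_dir, or return None if it escapes.

    Containment is checked on the fully decoded, normalised absolute path rather
    than by searching the raw string for "../", so percent-encoded, doubly encoded
    and backslash variants are all caught by the same test.
    """
    # Decode twice: the web server may already have removed one layer, and a
    # second layer (%252e) is the classic way past a filter that decodes once.
    decoded = unquote(unquote(requested))
    if "\x00" in decoded:                     # NUL can truncate lower-level file APIs
        return None
    decoded = decoded.replace("\\", "/")      # Windows separators are separators too
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, decoded.lstrip("/")))
    try:
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:                        # e.g. different drives on Windows
        inside = False
    return candidate if inside else None


# Constructed W3C-style request log lines (date time client-ip method uri-stem
# query status). These are made-up entries for the demo, not captured traffic.
SAMPLE_LOG = [
    "2015-07-13 10:00:01 10.0.0.5 GET /helpdesk/download file=tickets/42/report.pdf 200",
    "2015-07-13 10:00:07 10.0.0.9 GET /helpdesk/download file=..%2F..%2Fweb.config 200",
    "2015-07-13 10:00:09 10.0.0.9 GET /helpdesk/download file=..%5C..%5Cinetpub%5Cwwwroot%5Cweb.config 200",
    "2015-07-13 10:00:12 10.0.0.7 GET /helpdesk/download file=%252e%252e%252fweb.config 404",
]

# A ".." path segment standing on its own, after decoding and separator normalisation.
DOT_DOT_SEGMENT = re.compile(r"(?:^|/)\.\.(?:/|$)")


def flag_traversal_requests(lines):
    """Return (client_ip, status, decoded_value) for each request whose file
    parameter contains a parent-directory segment once decoded the way the
    handler would decode it. Failed attempts (non-200) are reported as well,
    since they still show someone probing the download path."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 7:
            continue
        client_ip, query, status = fields[2], fields[5], fields[6]
        value = query.partition("=")[2]
        decoded = unquote(unquote(value)).replace("\\", "/")
        if DOT_DOT_SEGMENT.search(decoded):
            hits.append((client_ip, status, decoded))
    return hits


if __name__ == "__main__":
    print(resolve_download(ATTACHMENT_ROOT, "tickets/42/report.pdf"))
    print(resolve_download(ATTACHMENT_ROOT, "..%2F..%2Fweb.config"))
    for hit in flag_traversal_requests(SAMPLE_LOG):
        print("traversal attempt:", hit)
```

The same decode-then-normalise sequence is used in both functions on purpose: a detector that inspects the raw query string but not the decoded one will miss exactly the encodings that a decoding file handler accepts.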

CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’) – CVE-2015-2863

Kaseya VSA, versions V7.x, R8.x and R9.x, contains an open redirect vulnerability. An attacker may be able to leverage users’ trust in the domain to induce them to visit a site with malicious content.
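As an added example (not code from the advisory or from Kaseya), here is the kind of redirect-target validation that closes the CWE-601 class of bug described above. The allowed host `vsa.example.com` and the sample targets are constructed; the advisory does not say which parameter or page carried the redirect.

```python
from urllib.parse import urlsplit


def safe_redirect_target(candidate, allowed_hosts, default="/"):
    """Return candidate if it is a same-site path or points at an allow-listed host,
    otherwise return default. Treats browser parsing quirks as hostile input."""
    if not candidate:
        return default
    # Browsers silently drop ASCII control characters and whitespace from URLs,
    # so a value containing any of them is not the URL the browser will follow.
    if any(ord(ch) <= 0x20 or ord(ch) == 0x7F for ch in candidate):
        return default
    # Browsers treat "\" like "/", so "/\evil.example" is really "//evil.example".
    normalized = candidate.replace("\\", "/")
    parts = urlsplit(normalized)

    if parts.scheme == "" and parts.netloc == "":
        # Plain path on this site: exactly one leading slash. "//host/..." has a
        # netloc and never reaches this branch; "dashboard" (no slash) is rejected
        # because its meaning depends on the current page.
        if normalized.startswith("/") and not normalized.startswith("//"):
            return normalized
        return default

    if parts.scheme.lower() not in ("http", "https"):
        return default                        # javascript:, data:, etc.
    # .hostname is lower-cased and excludes port and userinfo, so
    # "https://vsa.example.com@evil.example/" yields "evil.example".
    host = parts.hostname
    if host and host in allowed_hosts:
        return normalized
    return default


# Constructed allow-list for the demo; a real deployment would use its own host names.
ALLOWED_HOSTS = {"vsa.example.com"}

if __name__ == "__main__":
    for target in ["/dashboard", "//evil.example", "/\\evil.example",
                   "https://vsa.example.com/login",
                   "https://vsa.example.com.evil.example/",
                   "https://vsa.example.com@evil.example/", "javascript:alert(1)"]:
        print(f"{target!r:48} -> {safe_redirect_target(target, ALLOWED_HOSTS)!r}")
```

Where the application can enumerate its post-login destinations, the stronger design is to accept only a short key (for example `next=tickets`) that is looked up in a server-side table, so no URL from the request ever reaches the `Location` header at all; the validator above is for cases where a free-form target has to be kept.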

The CVSS score below refers to CVE-2015-2862.

Impact
A remote, authenticated attacker can download arbitrary files. A remote, unauthenticated attacker may be able to redirect users to arbitrary web sites.

Solution
Apply an update

The vendor has released the following patches to address these issues:

R9.1: install patch 9.1.0.4
R9.0: install patch 9.0.0.14
R8.0: install patch 8.0.0.18
V7.0: install patch 7.0.0.29

Vendor Information

Vendor         Status    Date Notified  Date Updated
Kaseya, Inc.   Unknown   27 Apr 2015    27 Apr 2015

CVSS Metrics

Group          Score  Vector
Base           4.3    AV:N/AC:M/Au:N/C:N/I:P/A:N
Temporal       3.4    E:POC/RL:OF/RC:C
Environmental  2.5    CDP:N/TD:M/CR:ND/IR:ND/AR:ND

References

http://www.kaseya.com/solutions/virtual-administrator
http://cwe.mitre.org/data/definitions/22.html
http://cwe.mitre.org/data/definitions/601.html

Credit

Thanks to Pedro Ribeiro (pedrib@gmail.com) of Agile Information Security for reporting these vulnerabilities.
This document was written by Joel Land.

Other Information

CVE IDs:
CVE-2015-2862
CVE-2015-2863

Date Public:
13 Jul 2015

Date First Published:
13 Jul 2015

Date Last Updated:
13 Jul 2015

Document Revision:
13
