Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers

2021-07-27 15:43

There are three new, unpatched zero-day vulnerabilities in Kaseya Unitrends that include remote code execution and authenticated privilege escalation on the client-side.

Kaseya Unitrends is a cloud-based enterprise backup and disaster recovery technology that's delivered as either disaster recovery-as-a-service or as an add-on for the Kaseya Virtual System/Server Administrator remote management platform.

DIVD discovered the flaws on July 2 and reported them to Kaseya on July 3.

On July 14, the DIVD started daily scans to detect vulnerable Kaseya Unitrends servers.

Threatpost has reached out to Kaseya to find out when we can expect a patch.

As Kaseya rushed to restore the software-as-a-service version of its ransomware-clobbered VSA, the SaaS deployment, as well as the patch for the on-premises version, hit a snag and was delayed.

News URL

https://threatpost.com/zero-days-kaseya-unitrends-backup-servers/168180/

#backup #server #zeroday

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Kaseya		6	0	5	14	13	32
Unitrends		2	0	1	3	4	8

News URL

Related news

Related vendor