Security News > 2021 > July > Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers
There are three new, unpatched zero-day vulnerabilities in Kaseya Unitrends that include remote code execution and authenticated privilege escalation on the client-side.
Kaseya Unitrends is a cloud-based enterprise backup and disaster recovery technology that's delivered as either disaster recovery-as-a-service or as an add-on for the Kaseya Virtual System/Server Administrator remote management platform.
DIVD discovered the flaws on July 2 and reported them to Kaseya on July 3.
On July 14, the DIVD started daily scans to detect vulnerable Kaseya Unitrends servers.
Threatpost has reached out to Kaseya to find out when we can expect a patch.
As Kaseya rushed to restore the software-as-a-service version of its ransomware-clobbered VSA, the SaaS deployment, as well as the patch for the on-premises version, hit a snag and was delayed.
News URL
https://threatpost.com/zero-days-kaseya-unitrends-backup-servers/168180/
Related news
- CentreStack RCE exploited as zero-day to breach file sharing servers (source)
- Türkiye Hackers Exploited Output Messenger Zero-Day to Drop Golang Backdoors on Kurdish Servers (source)
- Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server (source)
- Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers (source)