Security News > 2021 > August > Kaseya Issues Patches for Two New 0-Day Flaws Affecting Unitrends Servers

Kaseya Issues Patches for Two New 0-Day Flaws Affecting Unitrends Servers
2021-08-27 02:24

U.S. technology firm Kaseya has released security patches to address two zero-day vulnerabilities affecting its Unitrends enterprise backup and continuity solution that could result in privilege escalation and authenticated remote code execution.

The two weaknesses are part of a trio of vulnerabilities discovered and reported by researchers at the Dutch Institute for Vulnerability Disclosure on July 3, 2021.

The IT infrastructure management solution provider has addressed the issues in server software version 10.5.5-2 released on August 12, DIVD said.

An as-yet-undisclosed client-side vulnerability in Kaseya Unitrends remains unpatched, but the company has published firewall rules that can be applied to filter traffic to and from the client and mitigate any risk associated with the flaw.

Although specifics related to the vulnerabilities are sparse, the shortcomings concern an authenticated remote code execution vulnerability as well as a privilege escalation flaw from read-only user to admin on Unitrends servers, both of which hinge on the possibility that an attacker has already gained an initial foothold on a target's network, making them more difficult to exploit.

The disclosure comes close to two months after the company suffered a crippling ransomware strike on its VSA on-premises product, leading to the mysterious shutdown of REvil cybercrime syndicate in the following weeks.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/TenBUQdnaxw/kaseya-issues-patches-for-two-new-0-day.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Kaseya 6 2 10 11 12 35
Unitrends 2 0 2 4 4 10