
CVE-2015-6589

Published: 13/02/2020 Updated: 25/02/2020
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 660
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 prior to 7.0.0.33, 8.0.0.0 prior to 8.0.0.23, 9.0.0.0 prior to 9.0.0.19, and 9.1.0.0 prior to 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file paths to json.ashx.

Vulnerable Product

kaseya virtual system administrator

Exploits

#!/usr/bin/ruby
#
# kazPwn.rb - Kaseya VSA v7 to v9.1 authenticated arbitrary file upload (CVE-2015-6589 / ZDI-15-450)
# ===================
# by Pedro Ribeiro <pedrib@gmail.com> / Agile Information Security
# Disclosure date: 28/09/2015
#
# Usage: ./kazPwn.rb http[s]://<host>[:port] <username> <password> <shell.asp>
# ...

Kaseya VSA is an IT management platform for small and medium corporates. From its console you can control thousands of computers and mobile devices. So that if you own the Kaseya server, you own the organisation. With this post I'm also releasing two Metasploit modules ([E1], [E2]) and a Ruby file ([E3]) that exploit the vulnerabilities described b ...

Kaseya Virtual System Administrator suffers from multiple code execution vulnerabilities and a privilege escalation vulnerability. VSA versions 7.0.0.0 through 7.0.0.32, 8.0.0.0 through 8.0.0.22, 9.0.0.0 through 9.0.0.18, and 9.1.0.0 through 9.1.0.8 are affected ...