CVE-2021-30116
CVSS V2 High 7.5
CVSS V3 Critical 9.8
Description
Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacker download a client for Windows and installs it, the file KaseyaD.ini is generated (C:\Program Files (x86)\Kaseya\XXXXXXXXXX\KaseyaD.ini) which contains an Agent_Guid and AgentPassword This Agent_Guid and AgentPassword can be used to log in on dl.asp (https://x.x.x.x/dl.asp?un=840997037507813&pw=113cc622839a4077a84837485ced6b93e440bf66d44057713cb2f95e503a06d9) This request authenticates the client and returns a sessionId cookie that can be used in subsequent attacks to bypass authentication. Security issues discovered --- * Unauthenticated download page leaks credentials * Credentials of agent software can be used to obtain a sessionId (cookie) that can be used for services not intended for use by agents * dl.asp accepts credentials via a GET request * Access to KaseyaD.ini gives an attacker access to sufficient information to penetrate the Kaseya installation and its clients. Impact --- Via the page /dl.asp enough information can be obtained to give an attacker a sessionId that can be used to execute further (semi-authenticated) attacks against the system.
Overview
- CVE ID
- CVE-2021-30116
- Assigner
- cve@mitre.org
- Vulnerability Status
- Modified
- Published Version
- 2021-07-09T14:15:07
- Last Modified Date
- 2022-07-12T17:42:04
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:kaseya:vsa_agent:*:*:*:*:*:*:*:* | 1 | OR | 9.5.0.24 | |
| cpe:2.3:a:kaseya:vsa_server:*:*:*:*:*:*:*:* | 1 | OR | 9.5.7a |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- Access Vector
- NETWORK
- Access Compatibility
- LOW
- Authentication
- NONE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- PARTIAL
- Availability Impact
- PARTIAL
- Base Score
- 7.5
- Severity
- HIGH
- Exploitability Score
- 10
- Impact Score
- 6.4
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Attack Vector
- NETWORK
- Attack Compatibility
- LOW
- Privileges Required
- NONE
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- HIGH
- Availability Impact
- HIGH
- Base Score
- 9.8
- Base Severity
- CRITICAL
- Exploitability Score
- 3.9
- Impact Score
- 5.9
References
| Reference URL | Reference Tags |
|---|---|
| https://csirt.divd.nl/2021/07/04/Kaseya-Case-Update-2/ | Third Party Advisory |
| https://csirt.divd.nl/2021/07/07/Kaseya-Limited-Disclosure/ | Third Party Advisory |
| https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689-Important-Notice-July-2nd-2021 | Vendor Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2021-30116 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30116 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-04-04 00:41:58 | Added to TrackCVE | |||
| 2022-12-05 05:41:00 | 2021-07-09T14:15Z | 2021-07-09T14:15:07 | CVE Published Date | updated |
| 2022-12-05 05:41:00 | 2022-07-12T17:42:04 | CVE Modified Date | updated | |
| 2022-12-05 05:41:00 | Modified | Vulnerability Status | updated |