Back to CVE Browser

CVE-2018-20753

Known Exploited (CISA KEV)CRITICAL

9.8

CVSS Severity Score

EPSS Score64.7710%

EPSS Percentile96.25th

PublishedFeb 5, 2019

Last ModifiedNov 7, 2025

Vulnerability Description

Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. In January 2018, attackers actively exploited this vulnerability in the wild.

Affected Platforms (CPE)

📦

Kaseya

Virtual System Administrator

>= 9.3 and < 9.3.0.35

📦

Kaseya

Virtual System Administrator

>= 9.4 and < 9.4.0.36

📦

Kaseya

Virtual System Administrator

>= 9.5 and < 9.5.0.5

References & Advisories

🔗 https://blog.huntresslabs.com/deep-dive-kaseya-vsa-mining-payload-c0ac839a0e88

🔗 https://helpdesk.kaseya.com/hc/en-gb/articles/360000333152

🔗 https://blog.huntresslabs.com/deep-dive-kaseya-vsa-mining-payload-c0ac839a0e88

🔗 https://helpdesk.kaseya.com/hc/en-gb/articles/360000333152

🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-20753

Related Vulnerabilities

CVE-2006-068610.0

add_user.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not check user privileges when adding a new adminis...

CVE-2017-66409.8

A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log ...

CVE-2015-69229.8

Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 do...

CVE-2015-65898.8

Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8..0.0.0 before 8.0.0.23, ...