CyberSec.Space Logo
Back to CVE Browser

CVE-2015-6589

HIGH
8.8
CVSS Severity Score
EPSS Score0.0520%
EPSS Percentile41.82th
PublishedFeb 13, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8..0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file paths to json.ashx.

Affected Platforms (CPE)

πŸ“¦
Kaseya

Virtual System Administrator

>= 7.0.0.0 and < 7.0.0.33
πŸ“¦
Kaseya

Virtual System Administrator

>= 8.0.0.0 and < 8.0.0.23
πŸ“¦
Kaseya

Virtual System Administrator

>= 9.0.0.0 and < 9.0.0.19
πŸ“¦
Kaseya

Virtual System Administrator

>= 9.1.0.0 and < 9.1.0.9

References & Advisories

πŸ”— http://packetstormsecurity.com/files/133782/Kaseya-Virtual-System-Administrator-Code-Execution-Privilege-Escalation.html
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-15-450
πŸ”— https://www.exploit-db.com/exploits/38351/
πŸ”— https://www.securityfocus.com/bid/76838
πŸ”— http://packetstormsecurity.com/files/133782/Kaseya-Virtual-System-Administrator-Code-Execution-Privilege-Escalation.html
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-15-450
πŸ”— https://www.exploit-db.com/exploits/38351/
πŸ”— https://www.securityfocus.com/bid/76838

Related Vulnerabilities

CVE-2006-068610.0

add_user.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not check user privileges when adding a new adminis...

CVE-2015-69229.8

Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 do...

CVE-2017-66409.8

A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log ...

CVE-2017-63988.8

An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execut...