返回 CVE 浏览器

CVE-2015-6589

HIGH

8.8

CVSS Severity Score

EPSS Score0.0520%

EPSS Percentile41.82th

Published2020年2月13日

Last Modified2024年11月21日

Vulnerability Description

Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8..0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file paths to json.ashx.

Affected Platforms (CPE)

📦

Kaseya

Virtual System Administrator

>= 7.0.0.0 and < 7.0.0.33

📦

Kaseya

Virtual System Administrator

>= 8.0.0.0 and < 8.0.0.23

📦

Kaseya

Virtual System Administrator

>= 9.0.0.0 and < 9.0.0.19

📦

Kaseya

Virtual System Administrator

>= 9.1.0.0 and < 9.1.0.9

References & Advisories

🔗 http://packetstormsecurity.com/files/133782/Kaseya-Virtual-System-Administrator-Code-Execution-Privilege-Escalation.html

🔗 http://www.zerodayinitiative.com/advisories/ZDI-15-450

🔗 https://www.exploit-db.com/exploits/38351/

🔗 https://www.securityfocus.com/bid/76838

🔗 http://packetstormsecurity.com/files/133782/Kaseya-Virtual-System-Administrator-Code-Execution-Privilege-Escalation.html

🔗 http://www.zerodayinitiative.com/advisories/ZDI-15-450

🔗 https://www.exploit-db.com/exploits/38351/

🔗 https://www.securityfocus.com/bid/76838

相关漏洞威胁

CVE-2006-068610.0

add_user.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not check user privileges when adding a new adminis...

CVE-2015-69229.8

Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 do...

CVE-2017-66409.8

A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log ...

CVE-2017-63988.8

An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execut...