Geeks for your information
Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers - Printable Version

+- Geeks for your information (https://www.geeks.fyi)
+-- Forum: News (https://www.geeks.fyi/forumdisplay.php?fid=105)
+--- Forum: Privacy & Security News (https://www.geeks.fyi/forumdisplay.php?fid=107)
+--- Thread: Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers (/showthread.php?tid=15721)



Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers - silversurfer - 28 July 21

Quote:There are three new, unpatched zero-day vulnerabilities in Kaseya Unitrends that include remote code execution (RCE) and authenticated privilege escalation on the client-side.
 
The Dutch Institute for Vulnerability Disclosure (DIVD) on Monday issued a public advisory warning that the service and clients should be kept off the internet until there’s a patch.
 
Kaseya Unitrends is a cloud-based enterprise backup and disaster recovery technology that’s delivered as either disaster recovery-as-a-service (DRaaS) or as an add-on for the Kaseya Virtual System/Server Administrator (VSA) remote management platform. The flaws are in versions earlier than 10.5.2.
Quote:Do not expose this service or the clients (running default on ports 80, 443, 1743, 1745) directly to the internet until Kaseya has patched these vulnerabilities. —DIVD advisory

Read more: Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers | Threatpost