Quote:There are three new, unpatched zero-day vulnerabilities in Kaseya Unitrends that include remote code execution (RCE) and authenticated privilege escalation on the client-side.
The Dutch Institute for Vulnerability Disclosure (DIVD) on Monday issued a public advisory warning that the service and clients should be kept off the internet until there’s a patch.
Kaseya Unitrends is a cloud-based enterprise backup and disaster recovery technology that’s delivered as either disaster recovery-as-a-service (DRaaS) or as an add-on for the Kaseya Virtual System/Server Administrator (VSA) remote management platform. The flaws are in versions earlier than 10.5.2.
Quote:Do not expose this service or the clients (running default on ports 80, 443, 1743, 1745) directly to the internet until Kaseya has patched these vulnerabilities. —DIVD advisory
Read more: Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png)
