Vulnerability CVE-2021-30116


Published: 2021-07-09

Description:
Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021.

Type:

CWE-522

(Insufficiently Protected Credentials)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Kaseya -> VSA 

 References:
https://csirt.divd.nl/2021/07/04/Kaseya-Case-Update-2/
https://csirt.divd.nl/2021/07/07/Kaseya-Limited-Disclosure/
https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689-Important-Notice-July-2nd-2021

Copyright 2021, cxsecurity.com

 

Back to Top