Kaseya Releases Security Patches for Two New 0-Day Vulnerabilities in Unitrends Servers

Kaseya, a U.S. technology company, has issued security patches to address two zero-day vulnerabilities in its Unitrends enterprise backup and continuity solution, which could lead to privilege escalation and authenticated remote code execution. These flaws are part of a trio reported by researchers at the Dutch Institute for Vulnerability Disclosure (DIVD) on July 3, 2021. The vulnerabilities have been resolved in server software version 10.5.5-2, released on August 12. However, an undisclosed client-side vulnerability in Kaseya Unitrends remains unpatched. To mitigate associated risks, the company has provided firewall rules for traffic filtering and recommends not exposing servers to the internet.

Kaseya Releases Patches for Critical Zero-Day Vulnerabilities in Unitrends Servers

On August 27, 2021, Kaseya, a prominent U.S. technology firm specializing in IT infrastructure management, announced the release of security updates aimed at rectifying two critical zero-day vulnerabilities within its Unitrends enterprise backup and continuity solution. These vulnerabilities pose significant risks, potentially leading to privilege escalation and authenticated remote code execution, which could allow unauthorized access to sensitive data.

The vulnerabilities were identified by researchers from the Dutch Institute for Vulnerability Disclosure (DIVD) on July 3, 2021, as part of a broader suite of security concerns. In response to these findings, Kaseya launched server software version 10.5.5-2 on August 12, which addresses the identified weaknesses effectively.

However, it’s worth noting that one vulnerability related to client-side exposure remains unaddressed. While Kaseya has not yet published a fix for this issue, the company has provided guidance on implementing specific firewall rules to help filter traffic in and out of the affected clients. This measure serves as a proactive strategy to mitigate risks while the organization develops a comprehensive solution for the remaining vulnerability. Business owners are strongly advised against leaving their servers publicly accessible on the internet, as this could exacerbate potential security risks.

In evaluating the potential implications of these vulnerabilities, it is crucial for business leaders to understand the possible tactics and techniques that may have been employed in an exploit scenario. Within the framework provided by the MITRE ATT&CK Matrix, several tactics could be relevant, particularly those related to privilege escalation and initial access, which serve as common entry points for attackers. By gaining unauthorized privileges, adversaries could execute malicious code, leading to widespread disruption and data breaches.

The ongoing developments around these vulnerabilities indicate the importance of maintaining up-to-date security protocols and remaining vigilant in monitoring for unusual activity. Businesses that utilize Kaseya’s Unitrends solutions are urged to prioritize these updates and implement recommended firewall configurations to safeguard against potential exploits.

As the cybersecurity landscape continues to evolve, the incidents affecting Kaseya serve as a critical reminder for organizations to proactively evaluate their cybersecurity defenses. Ensuring robust security measures are in place not only protects sensitive data but also fortifies an organization’s overall resilience against emerging cyber threats.

Source link

Related Posts

Critical BadAlloc Vulnerability Impacts BlackBerry QNX in Millions of Vehicles and Medical Devices

August 18, 2021

A significant security flaw in older versions of BlackBerry’s QNX Real-Time Operating System (RTOS) poses a risk of enabling malicious actors to take control of various devices, including cars and medical equipment. This issue, identified as CVE-2021-22156 with a CVSS score of 9.0, is part of a larger series of vulnerabilities dubbed BadAlloc that was first revealed by Microsoft in April 2021. The flaw could potentially serve as a backdoor for attackers, allowing them to disrupt operations or commandeer devices. According to a bulletin from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), “A remote attacker could exploit CVE-2021-22156 to cause a denial-of-service condition or execute arbitrary code on affected devices.” As of now, there are no indications that this vulnerability has been actively exploited. BlackBerry QNX technology serves over 195 million vehicles and embedded systems globally.

Severe ThroughTek SDK Vulnerability Exposes Millions of IoT Devices to Spy Threats

A serious security flaw has been identified in multiple versions of the ThroughTek Kalay P2P Software Development Kit (SDK), potentially allowing remote attackers to gain control of vulnerable devices and execute harmful code. Labeled as CVE-2021-28372 (with a CVSS score of 9.6) and uncovered by FireEye Mandiant in late 2020, this issue involves improper access controls in ThroughTek’s point-to-point (P2P) products. If exploited, attackers could listen in on live audio, view real-time video streams, and compromise device credentials, leading to further attacks stemming from exposed functionalities. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), “successful exploitation of this vulnerability could enable remote code execution and unauthorized access to sensitive information, including audio/video feeds from cameras.” There are estimated to be 83 million active devices vulnerable to this flaw.

New Microsoft Exchange ‘ProxyToken’ Vulnerability Allows Attackers to Alter Mailbox Configurations

Details have surfaced regarding a recently patched security flaw in Microsoft Exchange Server that could be exploited by unauthenticated attackers to change server settings, potentially exposing Personally Identifiable Information (PII). The vulnerability, identified as CVE-2021-33766 (CVSS score: 7.3) and referred to as “ProxyToken,” was found by Le Xuan Tuyen, a researcher at the Information Security Center of Vietnam Posts and Telecommunications Group (VNPT-ISC), and reported through the Zero-Day Initiative (ZDI) program in March 2021. According to the ZDI, “With this vulnerability, an unauthenticated attacker can perform configuration actions on mailboxes belonging to arbitrary users.” For instance, the attacker could redirect all emails sent to a targeted account to a mailbox they control. Microsoft addressed this issue in its Patch Tuesday updates for July 2021.

Vulnerability in Linphone SIP Stack Could Allow Attackers to Remotely Crash Client Devices

On September 1, 2021, cybersecurity researchers revealed a zero-click vulnerability in the Linphone Session Initiation Protocol (SIP) stack. This flaw can be exploited remotely to crash the SIP client without any action needed from the victim, leading to a denial-of-service (DoS) condition. Identified as CVE-2021-33056 (with a CVSS score of 7.5), it arises from a NULL pointer dereference in the “belle-sip” component, a C-language library that supports SIP transport, transactions, and dialog layers. All versions prior to 4.5.20 are affected. The vulnerability was discovered and reported by the cybersecurity company Claroty. Linphone is an open-source, cross-platform SIP client that facilitates voice and video calls, end-to-end encrypted messaging, and audio conferences. SIP is the signaling protocol used to initiate, maintain, and terminate real-time multimedia communication sessions.