Arbitrary file read in Kaseya VSA
------------------------------------------------------------------------
Kin Hung Cheng, Robert Hartshorn, May 2017
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A security vulnerability was found in the file download functionality
of Kaseya VSA. Using this vulnerability, an authenticated user in a
Kaseya VSA environment is able to download arbitrary files from the
server (including the Kaseya source code, database backups,
configuration files, and even Windows files).
------------------------------------------------------------------------
Tested versions
------------------------------------------------------------------------
This issue was successfully tested on version R9.2.
------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
Patch to the latest version of VSA.
------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://www.securify.nl/advisory/SFY20170502/arbitrary-file-read-in-kaseya-vsa.html