HIGH🇵🇱 Wersja polska

CVE-2017-12410

CVSS 7.4v3.0pub. 2018-03-26upd. 2024-11-21

It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulnerability by winning a race condition when Kaseya Virtual System Administrator agent 9.3.0.11 and earlier tries to execute its binaries from working and/or temporary folders. Successful exploitation results in the execution of arbitrary programs with "NT AUTHORITY\SYSTEM" privileges.

CVSS Vector
CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Kaseya Virtual System Administrator

    APP
    Kaseya
    ≤ 9.3.0.11
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Race Condition
CWE
References

Related vulnerabilities

CVE-2018-20753CRITICAL9.8⚠ KEVten sam produkt

Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote ...

CVE-2015-6922CRITICAL9.8ten sam produkt

Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9...

CVE-2015-6589HIGH8.8ten sam produkt

Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8..0.0...

CVE-2019-15506HIGH7.5ten sam produkt

An issue was discovered in Kaseya Virtual System Administrator (VSA) through 9.4.0.37. It has a critical infor...

CVE-2015-2863MEDIUM4.3ten sam produkt

Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0...