Home > Cyber News > Kaseya Releases Patches and Mitigations Addresing the Unitrends Flaws
CYBER NEWS

Kaseya Releases Patches and Mitigations Addresing the Unitrends Flaws

kaseya unitrends mitigations
In July, Kaseya announced three new zero-day vulnerabilities impacting its Kaseya Unitrends service. The vulnerabilities were represented by an authenticated RCE flaw on the server, a privilege escalation flaw from read-only user to admin on the server, and an undisclosed issue on the client side.




According to the then published public advisory warning, the Kaseya service should have been kept off the internet until a patch was made available. “Do not expose this service or the clients directly to the internet until Kaseya has patched these vulnerabilities,” DIVD CSIRT’s recommendation said.

How were the three Kaseya Unitrends vulnerabilities discovered?

“The Dutch Institute for Vulnerability Disclosure (DIVD) performs a daily scan to detect vulnerable Kaseya Unitrends servers and notify the owners directly or via the known abuse channels, Gov-CERTs and CSIRTs, and other trusted channels,” according to the original advisory.
Following these events, on August 12, the company released version 10.5.5-2 of Unitrends that patched the server side flaws. However, the client-side vulnerability remains unpatched. Thus,

Patch and Mitigate, Says Kaseya

Kaseya is now urging users to mitigate the issue via Firewall rules according to their best practices and requirements. The company has also provided a knowledge base article about “whitelisting of appliances connecting to assets while restricting all other IPs from connecting to ports where Unitrends agent services are running.”

Unitrends customers are advised to patch the vulnerable servers and apply the mitigations for the client-side issue.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...