{"id":2646,"date":"2021-07-27T13:35:43","date_gmt":"2021-07-27T08:05:43","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=2646"},"modified":"2021-07-27T13:35:46","modified_gmt":"2021-07-27T08:05:46","slug":"security-researchers-alert-of-unpatched-kaseya-backup-vulnerabilities","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/security-researchers-alert-of-unpatched-kaseya-backup-vulnerabilities\/","title":{"rendered":"Security Researchers Alert of Unpatched Kaseya Backup Vulnerabilities"},"content":{"rendered":"\n<p><p style=\"text-align: justify;\">Researchers warn of three new zero-day vulnerabilities in the Kaseya Unitrends service and advise users not to expose the service to the Internet. Kaseya Unitrends is a cloud-based enterprise backup and disaster recovery solution that is provided as a stand-alone solution or as an add-on for the Kaseya VSA remote management platform.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">Last week, the Dutch Institute for Vulnerability Disclosure (DIVD) issued a TLP:AMBER advisory about three unpatched vulnerabilities in Kaseya Unitrends backup products. Although DIVD released this advisory under the TLP:AMBER designation, DIVD chairperson Victor Gevers told our experts that it was originally shared with 68 government CERTs under a coordinated disclosure.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">However, one of the recipients uploaded it to an online examination platform, where it became public to those with access to the service. 
\u201cAfter two days, an Information Sharing and Analysis Center warned us that one of the GovCERTs has transmitted the email to an association\u2019s services desk operating in the Financial Service in that country,\u201d Gevers told our experts.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">\u201cAn employee of an organization uploaded the TLP:AMBER labeled directly to an online examine platform and transmitted its data to all the users of that platform; because we do not have an account on that platform, we urgently urged for removing this file.\u201d<\/p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What are the Kaseya Unitrends Vulnerabilities?<\/strong><\/h2>\n\n\n\n<p><p style=\"text-align: justify;\">In recent days, DIVD released a public advisory warning that zero-day vulnerabilities have been found in Kaseya Unitrends versions earlier than 10.5.2 and advising users not to expose the service to the Internet.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">\u201cDo not disclose this service or the clients (working on default ports 80, 443, 1743, 1745) directly to the internet until or unless Kaseya has patched these vulnerabilities,\u201d DIVD\u2019s advisory states.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">The vulnerabilities affect the Kaseya Unitrends backup service and consist of a combination of unauthenticated remote code execution, authenticated privilege escalation, and unauthenticated remote code execution on the client side.<\/p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Why Are These Vulnerabilities More Difficult to Exploit?<\/strong><\/h2>\n\n\n\n<p><p style=\"text-align: justify;\">Unlike the Kaseya VSA zero-days used in the July 2nd REvil ransomware attack, these vulnerabilities are more difficult to exploit.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">That is because a threat actor would need a valid user to perform remote code execution or 
privilege escalation on a publicly exposed Kaseya Unitrends service. Moreover, the threat actor would already need to have compromised a customer network to exploit the unauthenticated client RCE.<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"364\" height=\"138\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/07\/Security-Researchers-Alert-of-Unpatched-Kaseya-Backup-Vulnerabilities-image1.jpg\" alt=\"Security-Researchers-Alert-of-Unpatched-Kaseya-Backup-Vulnerabilities-image1\" class=\"wp-image-2649\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/07\/Security-Researchers-Alert-of-Unpatched-Kaseya-Backup-Vulnerabilities-image1.jpg 364w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/07\/Security-Researchers-Alert-of-Unpatched-Kaseya-Backup-Vulnerabilities-image1-300x114.jpg 300w\" sizes=\"(max-width: 364px) 100vw, 364px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify;\">DIVD discovered the vulnerabilities on July 2nd, 2021, and reported them to Kaseya on the 3rd of July. On the 14th of July, DIVD started scanning the Internet for exposed Kaseya Unitrends instances to discover vulnerable systems.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">DIVD will try to inform owners of vulnerable systems so that they can take them offline until a patch is released. Gevers told our experts that the number of vulnerable instances is very low, but they have been found in critical industries.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">Our experts reached out to Kaseya to ask when the patch will be released but have not received a response at this time.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers alert of three new zero-day vulnerabilities in Kaseya. Unitrends services and advise users not to reveal the service on the Internet. 
Kaseya Unitrends is a cloud-based enterprise backup and disaster recovery solution that is provided as a stand-alone solution or as an add-on for the Kaseya VSA remote management platform. In last week, the [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":2648,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.11 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Security Researchers Alert of Unpatched Kaseya Backup Vulnerabilities - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/security-researchers-alert-of-unpatched-kaseya-backup-vulnerabilities\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Security Researchers Alert of Unpatched Kaseya Backup Vulnerabilities - Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"Researchers alert of three new zero-day vulnerabilities in Kaseya. Unitrends services and advise users not to reveal the service on the Internet. Kaseya Unitrends is a cloud-based enterprise backup and disaster recovery solution that is provided as a stand-alone solution or as an add-on for the Kaseya VSA remote management platform. 
In last week, the [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/security-researchers-alert-of-unpatched-kaseya-backup-vulnerabilities\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-07-27T08:05:43+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-07-27T08:05:46+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/07\/Security-Researchers-Alert-of-Unpatched-Kaseya-Backup-Vulnerabilities-featured-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/security-researchers-alert-of-unpatched-kaseya-backup-vulnerabilities\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/security-researchers-alert-of-unpatched-kaseya-backup-vulnerabilities\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"Security Researchers Alert of Unpatched Kaseya Backup Vulnerabilities\",\"datePublished\":\"2021-07-27T08:05:43+00:00\",\"dateModified\":\"2021-07-27T08:05:46+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/security-researchers-alert-of-unpatched-kaseya-backup-vulnerabilities\/\"},\"wordCount\":493,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Vulnerabilities\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/security-researchers-alert-of-unpatched-kaseya-backup-vulnerabilities\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/security-researchers-alert-of-unpatched-kaseya-backup-vulnerabilities\/\",\"url\":\"https:\/\/xiarch.com\/blog\/security-researchers-alert-of-unpatched-kaseya-backup-vulnerabilities\/\",\"name\":\"Security Researchers Alert of Unpatched Kaseya Backup Vulnerabilities - Xiarch Solutions Private 
Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2021-07-27T08:05:43+00:00\",\"dateModified\":\"2021-07-27T08:05:46+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/security-researchers-alert-of-unpatched-kaseya-backup-vulnerabilities\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/security-researchers-alert-of-unpatched-kaseya-backup-vulnerabilities\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/security-researchers-alert-of-unpatched-kaseya-backup-vulnerabilities\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security Researchers Alert of Unpatched Kaseya Backup Vulnerabilities\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Security Researchers Alert of Unpatched Kaseya Backup Vulnerabilities - Xiarch Solutions Private Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiarch.com\/blog\/security-researchers-alert-of-unpatched-kaseya-backup-vulnerabilities\/","og_locale":"en_US","og_type":"article","og_title":"Security Researchers Alert of Unpatched Kaseya Backup Vulnerabilities - Xiarch Solutions Private Limited","og_description":"Researchers alert of three new zero-day vulnerabilities in Kaseya. Unitrends services and advise users not to reveal the service on the Internet. Kaseya Unitrends is a cloud-based enterprise backup and disaster recovery solution that is provided as a stand-alone solution or as an add-on for the Kaseya VSA remote management platform. In last week, the [&hellip;]","og_url":"https:\/\/xiarch.com\/blog\/security-researchers-alert-of-unpatched-kaseya-backup-vulnerabilities\/","og_site_name":"Xiarch Solutions Private Limited","article_publisher":"https:\/\/www.facebook.com\/xiarch\/","article_published_time":"2021-07-27T08:05:43+00:00","article_modified_time":"2021-07-27T08:05:46+00:00","og_image":[{"width":1000,"height":525,"url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/07\/Security-Researchers-Alert-of-Unpatched-Kaseya-Backup-Vulnerabilities-featured-image.jpg","type":"image\/jpeg"}],"author":"Xiarch Security","twitter_card":"summary_large_image","twitter_creator":"@xiarch","twitter_site":"@xiarch","twitter_misc":{"Written by":"Xiarch Security","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiarch.com\/blog\/security-researchers-alert-of-unpatched-kaseya-backup-vulnerabilities\/#article","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/security-researchers-alert-of-unpatched-kaseya-backup-vulnerabilities\/"},"author":{"name":"Xiarch Security","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c"},"headline":"Security Researchers Alert of Unpatched Kaseya Backup Vulnerabilities","datePublished":"2021-07-27T08:05:43+00:00","dateModified":"2021-07-27T08:05:46+00:00","mainEntityOfPage":{"@id":"https:\/\/xiarch.com\/blog\/security-researchers-alert-of-unpatched-kaseya-backup-vulnerabilities\/"},"wordCount":493,"commentCount":0,"publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"articleSection":["Vulnerabilities"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/xiarch.com\/blog\/security-researchers-alert-of-unpatched-kaseya-backup-vulnerabilities\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/xiarch.com\/blog\/security-researchers-alert-of-unpatched-kaseya-backup-vulnerabilities\/","url":"https:\/\/xiarch.com\/blog\/security-researchers-alert-of-unpatched-kaseya-backup-vulnerabilities\/","name":"Security Researchers Alert of Unpatched Kaseya Backup Vulnerabilities - Xiarch Solutions Private 
Limited","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/#website"},"datePublished":"2021-07-27T08:05:43+00:00","dateModified":"2021-07-27T08:05:46+00:00","breadcrumb":{"@id":"https:\/\/xiarch.com\/blog\/security-researchers-alert-of-unpatched-kaseya-backup-vulnerabilities\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiarch.com\/blog\/security-researchers-alert-of-unpatched-kaseya-backup-vulnerabilities\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/xiarch.com\/blog\/security-researchers-alert-of-unpatched-kaseya-backup-vulnerabilities\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiarch.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Security Researchers Alert of Unpatched Kaseya Backup Vulnerabilities"}]},{"@type":"WebSite","@id":"https:\/\/xiarch.com\/blog\/#website","url":"https:\/\/xiarch.com\/blog\/","name":"Xiarch Solutions Private Limited","description":"","publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiarch.com\/blog\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiarch.com\/blog\/#organization","name":"Xiarch","url":"https:\/\/xiarch.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","contentUrl":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","width":300,"height":300,"caption":"Xiarch"},"image":{"@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/xiarch\/","https:\/\/twitter.com\/xiarch","https:\/\/www.linkedin.com\/company\/xiarch"]},{"@type":"Person","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c","name":"Xiarch Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","caption":"Xiarch 
Security"},"sameAs":["https:\/\/xiarch.com\/blog\/"],"url":"https:\/\/xiarch.com\/blog\/author\/vector\/"}]}},"_links":{"self":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/2646"}],"collection":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/comments?post=2646"}],"version-history":[{"count":1,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/2646\/revisions"}],"predecessor-version":[{"id":2650,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/2646\/revisions\/2650"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media\/2648"}],"wp:attachment":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media?parent=2646"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/categories?post=2646"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/tags?post=2646"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}