Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2019-14510

An issue was discovered in Kaseya VSA RMM through 9.5.0.22. When using the default configuration, the LAN Cache feature creates a local account FSAdminxxxxxxxxx (e.g., FSAdmin123456789) on the server that hosts the LAN Cache and all clients that are assigned to a LAN Cache. This account is placed into the local Administrators group of all clients assigned to the LAN Cache. When the assigned client is a Domain Controller, the FSAdminxxxxxxxxx account is created as a domain account and automatically added as a member of the domain BUILTIN\Administrators group. Using the well known Pass-the-Hash techniques, an attacker can use the same FSAdminxxxxxxxxx hash from any LAN Cache client and pass this to a Domain Controller, providing administrative rights to the attacker on any Domain Controller. (Local account Pass-the-Hash mitigations do not protect domain accounts.)
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.1%
CVSS Severity
CVSS v3 Score 6.7
CVSS v2 Score 7.2
Products affected by CVE-2019-14510
  • Kaseya » Vsa » Version: 9.1.0.10
    cpe:2.3:a:kaseya:vsa:9.1.0.10
  • Kaseya » Vsa » Version: 9.1.0.11
    cpe:2.3:a:kaseya:vsa:9.1.0.11
  • Kaseya » Vsa » Version: 9.5.0.10
    cpe:2.3:a:kaseya:vsa:9.5.0.10
  • Kaseya » Vsa » Version: 9.5.0.11
    cpe:2.3:a:kaseya:vsa:9.5.0.11
  • Kaseya » Vsa » Version: 9.5.0.12
    cpe:2.3:a:kaseya:vsa:9.5.0.12
  • Kaseya » Vsa » Version: 9.5.0.14
    cpe:2.3:a:kaseya:vsa:9.5.0.14
  • Kaseya » Vsa » Version: 9.5.0.15
    cpe:2.3:a:kaseya:vsa:9.5.0.15
  • Kaseya » Vsa » Version: 9.5.0.16
    cpe:2.3:a:kaseya:vsa:9.5.0.16
  • Kaseya » Vsa » Version: 9.5.0.17
    cpe:2.3:a:kaseya:vsa:9.5.0.17
  • Kaseya » Vsa » Version: 9.5.0.18
    cpe:2.3:a:kaseya:vsa:9.5.0.18
  • Kaseya » Vsa » Version: 9.5.0.19
    cpe:2.3:a:kaseya:vsa:9.5.0.19
  • Kaseya » Vsa » Version: 9.5.0.20
    cpe:2.3:a:kaseya:vsa:9.5.0.20
  • Kaseya » Vsa » Version: 9.5.0.21
    cpe:2.3:a:kaseya:vsa:9.5.0.21
  • Kaseya » Vsa » Version: 9.5.0.22
    cpe:2.3:a:kaseya:vsa:9.5.0.22
  • Kaseya » Vsa » Version: 9.5.0.8
    cpe:2.3:a:kaseya:vsa:9.5.0.8
  • Kaseya » Vsa » Version: 9.5.0.9
    cpe:2.3:a:kaseya:vsa:9.5.0.9


Products
Pricing
Contact Us

Shodan ® - All rights reserved