CVE-2018-20753

KEV

Published: Feb 05, 2019 Last Modified: Nov 07, 2025

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 9,8

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

HIGH 7,5

Source: [email protected]

Access Vector: network

Access Complexity: low

Authentication: none

Confidentiality: partial

Integrity: partial

Availability: partial

Description

AI Translation Available

Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. In January 2018, attackers actively exploited this vulnerability in the wild.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,4444

Percentile

1,0th

Updated

EPSS Score Trend (Last 91 Days)

Application

Virtual System Administrator by Kaseya

Product Information

Vendor Kaseya

Product Virtual System Administrator

Version Range Affected

From 9.3 (inclusive)

To 9.3.0.35 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:kaseya:virtual_system_administrator:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Virtual System Administrator by Kaseya

Product Information

Vendor Kaseya

Product Virtual System Administrator

Version Range Affected

From 9.4 (inclusive)

To 9.4.0.36 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:kaseya:virtual_system_administrator:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Virtual System Administrator by Kaseya

Product Information

Vendor Kaseya

Product Virtual System Administrator

Version Range Affected

From 9.5 (inclusive)

To 9.5.0.5 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:kaseya:virtual_system_administrator:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://www.cisa.gov/known-exploited-vulnerabilities-catalo…

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018…

https://blog.huntresslabs.com/deep-dive-kaseya-vsa-mining-p…

https://blog.huntresslabs.com/deep-dive-kaseya-vsa-mining-payload-c0ac839a0e88

https://helpdesk.kaseya.com/hc/en-gb/articles/360000333152

https://blog.huntresslabs.com/deep-dive-kaseya-vsa-mining-p…

https://blog.huntresslabs.com/deep-dive-kaseya-vsa-mining-payload-c0ac839a0e88

https://helpdesk.kaseya.com/hc/en-gb/articles/360000333152

CVE-2018-20753

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 91 Days)

Virtual System Administrator by Kaseya

Product Information

Virtual System Administrator by Kaseya

Product Information

Virtual System Administrator by Kaseya

Product Information

Iscriviti alla newsletter