Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Jun 14, 2022

CVE-2017-18362

High
EPSS 80.3%CISA KEVRansomware
Kaseya/Virtual System/Server Administrator (VSA)

Description

ConnectWise ManagedITSync integration for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database.

EPSS — Exploit Probability

80.3%

Higher than 99.1% of all CVEs

Required Action

https://nvd.nist.gov/vuln/detail/CVE-2017-18362

Risk Assessment

CRITICAL
In CISA KEV
High EPSS
Ransomware

Details

Severity
High
EPSS
80.3%
CISA KEV
Yes
Ransomware
Known
Articles
0

Timeline

Published

May 24, 2022

Added to KEV

May 24, 2022

Remediation Due

Jun 14, 2022

Affected Product

Kaseya

Virtual System/Server Administrator (VSA)

View all Kaseya CVEs

External Links

NVD (NIST)CVE DetailsMITRE CVE