CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Nov 17, 2021

CVE-2021-30116

High

EPSS 53.1%CISA KEVRansomware

Kaseya/Virtual System/Server Administrator (VSA)

Description

Kaseya Virtual System/Server Administrator (VSA) contains an information disclosure vulnerability allowing an attacker to obtain the sessionId that can be used to execute further attacks against the system.

EPSS — Exploit Probability

53.1%

Higher than 97.9% of all CVEs

Required Action

https://nvd.nist.gov/vuln/detail/CVE-2021-30116

Risk Assessment

CRITICAL

In CISA KEV

High EPSS

Ransomware

Details

Severity: High
EPSS: 53.1%
CISA KEV: Yes
Ransomware: Known
Articles: 0

Timeline

Published

Nov 3, 2021

Added to KEV

Nov 3, 2021

Remediation Due

Nov 17, 2021

Affected Product

Kaseya

Virtual System/Server Administrator (VSA)

View all Kaseya CVEs

External Links

NVD (NIST)CVE Details MITRE CVE