The Dutch Institute for Vulnerability Disclosure (DIVD) issued a TLP:AMBER advisory last week about three unpatched vulnerabilities within the Kaseya Unitrends backup solution.  This affects the stand-alone solution, as well as add-ons to the Kaseya VSA Remote Monitoring & Management (RMM) platform. 

While the initial advisory was released under the TLP:AMBER designation to government Community Emergency Response Teams (CERT), one of the recipients of the alert uploaded the information to an online analyzing tool that released the advisory to all participants of that platform. 

The vulnerabilities include authenticated privilege escalation, authenticated and unauthenticated remote code execution with access to a valid user account.   

Recommended Mitigation Strategy: 

Ensure that Unitrends Backup appliances are not accessible from the internet.  Access should be restricted to internal network traffic until an official patch is applied.   

Affected Systems: Kaseya Unitrends versions below 10.5.2 

DIVD Security Advisory (with update information): 

DIVD-2021-00014 – Kaseya Unitrends | DIVD CSIRT 

Remember, always test changes before deploying within a live environment to avoid unintended system and performance impact. 

We can help.

For assistance, or should you have any questions or concerns:
Email: support@conversantgroup.com
Call: 423.305.7890
After Hours/Emergency Support: 423.305.7890 Option 2