CVE-2015-2863
Published 2015-07-20
CVE-2015-2863: Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4…
Priority: P2 65 | medium | 4.3 CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
ITW | EXPLOIT | VulnCheck KEV
Exploited in the wild
EPSS: 10.32% (95.1th percentile)
Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kaseya | virtual_system_administrator | >= 7.0 < 7.0.0.29 | 7.0.0.29 |
| kaseya | virtual_system_administrator | >= 8.0 < 8.0.0.18 | 8.0.0.18 |
| kaseya | virtual_system_administrator | >= 9.0 < 9.0.0.14 | 9.0.0.14 |
| kaseya | virtual_system_administrator | >= 9.1 < 9.1.0.4 | 9.1.0.4 |
Detection & IOCs (extracted from sources)
- Detect open redirect exploitation via the 'urlToLoad' parameter in supportLoad.asp — monitor GET requests to /inc/supportLoad.asp with an external URL value in the urlToLoad query parameter.
- Detect open redirect exploitation via the 'url' parameter in LocalProxy.ashx — monitor GET requests to /vsaPres/Web20/core/LocalProxy.ashx with an external URL value; attacker must also spoof the Host header to the target.
- Both redirect endpoints are unauthenticated — no session cookie or login is required to trigger the redirect, making them accessible to any remote attacker.
- The LocalProxy.ashx vector requires the attacker to spoof the HTTP Host header to the target Kaseya VSA host; detections relying solely on the Host header value may miss this attack variant.
- Affected versions span a wide range (at least v7 to v9.1); version fingerprinting alone is insufficient since the exact lower bound of affected versions is unknown.
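
Added example (not from the source page or from any vendor or project code): a log scan for the two redirect endpoints listed above that keys on the redirect parameter's value rather than the Host header. It assumes common/combined-format access logs and a hypothetical allowlist `OWN_HOSTS`; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint path (lower-cased) -> query parameter that carries the redirect target.
REDIRECT_PARAMS = {
    "/inc/supportload.asp": "urltoload",
    "/vsapres/web20/core/localproxy.ashx": "url",
}
# Assumption: hostnames under which your own VSA server is legitimately reached.
OWN_HOSTS = {"vsa.example.internal"}
# Assumption: common/combined log format (request line inside double quotes).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Constructed sample log lines (documentation addresses and example domains).
SAMPLE_LOG = [
    '198.51.100.7 - - [t] "GET /inc/supportLoad.asp?urlToLoad=http%3A%2F%2Fphish.example%2Flogin HTTP/1.1" 302 0',
    '198.51.100.7 - - [t] "GET /vsaPres/Web20/core/LocalProxy.ashx?url=http://phish.example/x HTTP/1.1" 302 0',
    '10.0.0.5 - - [t] "GET /inc/supportLoad.asp?urlToLoad=/help/index.asp HTTP/1.1" 200 512',
    '10.0.0.5 - - [t] "GET /inc/supportLoad.asp?urlToLoad=https://vsa.example.internal/help HTTP/1.1" 200 512',
]

def external_target(value):
    """Return the host a redirect value points to if it is off-site, else None."""
    v = value.strip().replace("\\", "/")  # browsers treat backslashes as slashes
    if v.startswith("//"):
        v = "http:" + v                    # scheme-relative URL
    try:
        parts = urlsplit(v)
        host = (parts.hostname or "").lower()
    except ValueError:                     # malformed value, e.g. a broken IPv6 literal
        return None
    if parts.scheme.lower() not in ("http", "https") or not host:
        return None                        # relative path: stays on the server
    return None if host in OWN_HOSTS else host

def find_redirect_attempts(log_lines):
    """Return (line_no, endpoint, external_host) for each suspicious GET request."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m or m["method"] != "GET":
            continue
        path, _, query = m["target"].partition("?")
        param = REDIRECT_PARAMS.get(path.lower())
        if param is None:
            continue
        for key, values in parse_qs(query).items():
            if key.lower() == param:       # compare names case-insensitively
                hits += [(n, path, h) for h in map(external_target, values) if h]
    return hits
```

Because the check compares the parameter's target host against an allowlist, it does not depend on the logged Host header, which the LocalProxy.ashx note above says can be spoofed.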
CVSS provenance
nvd | v2.0 | 4.3 MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N
vulncheck | 4.3 MEDIUM
GHSA
GHSA-mcgp-344h-g8g4: Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7
ghsa_unreviewed·2022-05-14
VulnCheck
Kaseya Virtual System/Server Administrator (VSA) URL Redirection to Untrusted Site ('Open Redirect')
vulncheck·2015·CVSS 4.3
Affected: Kaseya Virtual System/Server Administrator (VSA)
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-12-15&host_type=src&vulnerability=cve-2015-2863; https://dashboard.shadowserver.org/statistics
No detection rules found.
Exploit-DB
Kaseya Virtual System Administrator (VSA) - Multiple Vulnerabilities (1)
exploitdb·2015-07-15·CVSS 4.0
---
>> Multiple vulnerabilities in Kaseya Virtual System Administrator
>> Discovered by Pedro Ribeiro ([email protected]), Agile Information Security (http://www.agileinfosec.co.uk/)
Disclosure: 13/07/2015 / Last updated: 28/09/2015
>> Background on the affected product:
"Kaseya VSA is an integrated IT Systems Management platform that can be leveraged seamlessly across IT disciplines to streamline and automate your IT services. Kaseya VSA integrates key management capabilities into a single platform. Kaseya VSA makes your IT staff more productive, your services more reliable, your systems more secure, and your value easier to show."
A special thanks to CERT and ZDI for assisting with the vulnerability reporting pro
Nuclei
Kaseya Virtual System Administrator - Open Redirect
nuclei·CVSS 4.3
Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Template:
```yaml
id: CVE-2015-2863

info:
  name: Kaseya Virtual System Administrator - Open Redirect
  author: 0x_Akoko,AmirHossein Raeisi
  severity: medium
  description: |
    Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
  impact: |
    Attackers ca
```