CVE-2018-20753
published 2019-02-05

Priority: P190, critical, 9.8 (CVSS 3.1)
CVSS vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Tags: KEV, ITW, Ransomware
CISA Known Exploited Vulnerability, due 2022-05-04
Exploited in the wild
EPSS: 29.55% (98.0th percentile)

Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. In January 2018, attackers actively exploited this vulnerability in the wild.

Affected

3 ranges
Vendor | Product | Version range | Fixed in
kaseya | virtual_system_administrator | >= 9.3 < 9.3.0.35 | 9.3.0.35
kaseya | virtual_system_administrator | >= 9.4 < 9.4.0.36 | 9.4.0.36
kaseya | virtual_system_administrator | >= 9.5 < 9.5.0.5 | 9.5.0.5

Detection & IOCs (extracted from sources)

  • Monitor for unauthorized PowerShell payload execution originating from Kaseya VSA RMM agent processes on managed endpoints, which may indicate exploitation of unauthenticated remote code execution
  • This vulnerability was actively exploited in the wild starting January 2018; prioritize hunting for suspicious PowerShell activity on VSA-managed devices from that period onward
  • Vulnerable versions span three release branches; ensure patching covers all deployed branches: R9.3 before 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5
  • The attack surface is amplified by the RMM architecture: a single compromised VSA server can push malicious PowerShell payloads to ALL managed devices, not just the VSA host itself

CVSS provenance

nvd v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd v2.0: 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck: 9.8 CRITICAL
cisa: 9.8 CRITICAL