14 DAY TRIAL // Two zero-day vulnerabilities affecting Unitrends backup and continuity service have been patches by Kaseya recently, according to The Hacker News.
Dutch Institute for Vulnerability Disclosure (DIVD) informed that the provider of IT infrastructure management solutions has solved server software bugs 10.5.5-2 reported on August 12. Both vulnerabilities are part of a trio of flaws discovered and reported on July 3, 2021. The issues encompass both an authenticated vulnerability to remote code execution and a privilege escalation fault on Unitrends servers from the read-only user to the administrator.
Users of unpatched software should avoid connecting the affected servers to the Internet
A previously unknown client vulnerability in Kaseya Unitrends has not yet been patched. Then again, the company issues some firewall rules recommendations to block traffic to and from the client, thereby reducing the risk associated with the vulnerability. In addition, Kaseya advises against leaving servers linked to the Internet as a second preventative measure.
"NOTE: NEVER expose the appliance Web UI or SSH connections to open external ports. Doing so may void your support agreement until the appliance can be secured properly. NEVER deploy the Unitrends appliance on a public IP. All incoming ports to a Unitrends appliance MUST be firewall protected. Privately operated Hot Copy Targets should be deployed in such a way as to secure the VPN connection to only trusted source external IPs".
Nearly two months have passed since a crippling ransomware attack on the company's on-site VSA products resulted in the unfathomable shutdown of the REvil cyber crime gang in the following weeks. During the intervening period, Kaseya released zero-day solutions that grant access to the firm's on-site servers and claims to have received a universal decryptor at the end of last month for affected clients.