Friday 30 July 2021
The impact of this issue announcement is critical. Please act accordingly to rectify the issue, as stated below.
What you need to know:
A Dutch Institute for Vulnerability Disclosure researcher has disclosed several new vulnerabilities in Kaseya Unitrends backup, just weeks behind the massive REvil ransomware attack. This includes three zero day flaws which could potentially lead to remote code execution and authenticated privilege escalation.
Kaseya Unitrends backup product versions < 10.5.2
Actions to be taken:
DIVD Experts urge users to refrain from exposing the service (running default on ports 80, 443, 1743, 1745) directly to the internet until Kaseya has patched the vulnerabilities.