Kaseya Unitrends is a cloud-based enterprise solution that provides an affordable, low-maintenance data protection offering to complement existing client backup and recovery solutions. The vulnerabilities include remote code execution and authenticated privilege escalation on the client side.
Experts from the Dutch Institute for Vulnerability Disclosure (DIVD) disclosed three new vulnerabilities in the Unitrends backup product that have yet to be addressed.
The zero-day vulnerabilities impact Kaseya Unitrends versions prior to 10.5.2. The advisory recommends that customers using the flawed solution avoid exposing the service, which runs on default ports, to the internet.
A DIVD researcher has identified several vulnerabilities in the Kaseya Unitrends backup product version < 10.5.2. Do not expose this service or the clients (running by default on ports 80, 443, 1743, 1745) directly to the internet until Kaseya has patched these vulnerabilities.
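One way to act on this recommendation is to check which of the advisory's ports are bound to something other than loopback on a backup server or client. The Python below is an added example, not code from DIVD or Kaseya; it assumes a Linux host where `ss -tlnH` is available, and the sample output embedded in it is constructed.

```python
import ipaddress

# Default ports named in the DIVD advisory for the Unitrends service and clients.
UNITRENDS_PORTS = {80, 443, 1743, 1745}

# Constructed sample of `ss -tlnH` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 127.0.0.1:1743 0.0.0.0:*
LISTEN 0 128 [::]:1745 [::]:*
LISTEN 0 128 192.0.2.10:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::1]:80 [::]:*
LISTEN 0 128 127.0.0.53%lo:53 0.0.0.0:*
"""

def classify(addr):
    """Return 'loopback', 'wildcard', 'specific' or 'unknown' for a bind address."""
    addr = addr.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface scope
    if addr == "*":
        return "wildcard"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unknown"  # report rather than silently skip
    if ip.is_loopback:
        return "loopback"
    return "wildcard" if ip.is_unspecified else "specific"

def exposed_listeners(ss_output, ports=UNITRENDS_PORTS):
    """List (port, bind address, kind) for advisory ports bound beyond loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # local address:port column
        if not port.isdigit() or int(port) not in ports:
            continue
        kind = classify(addr)
        if kind != "loopback":
            findings.append((int(port), addr, kind))
    return sorted(findings)

if __name__ == "__main__":
    for port, addr, kind in exposed_listeners(SAMPLE_SS):
        print(f"port {port} bound to {addr} ({kind}): confirm it is filtered from the internet")
```

A listener flagged here is reachable from off the host, so the remaining check is that a perimeter or host firewall blocks it from the internet.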