CVE-2021-30116
Published Jul 9, 2021
Last updated 4 months ago
- Description
- Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default, Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp. When an attacker downloads a client for Windows and installs it, the file KaseyaD.ini is generated (C:\Program Files (x86)\Kaseya\XXXXXXXXXX\KaseyaD.ini), which contains an Agent_Guid and AgentPassword. This Agent_Guid and AgentPassword can be used to log in on dl.asp (https://x.x.x.x/dl.asp?un=840997037507813&pw=113cc622839a4077a84837485ced6b93e440bf66d44057713cb2f95e503a06d9). This request authenticates the client and returns a sessionId cookie that can be used in subsequent attacks to bypass authentication.

  Security issues discovered:
  * Unauthenticated download page leaks credentials.
  * Credentials of agent software can be used to obtain a sessionId (cookie) that can be used for services not intended for use by agents.
  * dl.asp accepts credentials via a GET request.
  * Access to KaseyaD.ini gives an attacker access to sufficient information to penetrate the Kaseya installation and its clients.

  Impact: Via the page /dl.asp, enough information can be obtained to give an attacker a sessionId that can be used to execute further (semi-authenticated) attacks against the system.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- Products
- vsa_agent, vsa_server
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Data from CISA
- Vulnerability name
- Kaseya Virtual System/Server Administrator (VSA) Information Disclosure Vulnerability
- Exploit added on
- Nov 3, 2021
- Exploit action due
- Nov 17, 2021
- Required action
- Apply updates per vendor instructions.
- Hype score
- Not currently trending
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d):
- CVE-2021-27877 (Veritas Veritas..) +934.92%
- CVE-2025-29824 (CLFS..) +289.16%
- CVE-2021-30116 (Kaseya VSA..) +223.20%
- CVE-2022-24521 (CLFS..) +208.83%
- CVE-2023-20269 (ASA..) +168.29%
@DefusedCyber
11 Nov 2025
Ransomware vulns with highest exploit likelihood ⬆️ (past 30d):
- CVE-2025-61882 (Oracle E-Busine..) +198818.60%
- CVE-2021-27877 (Veritas Veritas..) +2502.74%
- CVE-2025-29824 (CLFS..) +233.72%
- CVE-2021-30116 (Kaseya VSA..) +228.66%
- CVE-2021-27878 (Veritas Veritas..)
@DefusedCyber
27 Oct 2025
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:kaseya:vsa_agent:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "A2019D8D-BA9B-4DE2-8628-F0776FACE360",
            "versionEndExcluding": "9.5.0.24",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:kaseya:vsa_server:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "9529A08E-3306-4D61-AD50-D66548E7427A",
            "versionEndExcluding": "9.5.7a",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]