CVE-2021-30120
CVE-2021-30120 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement: the need to use 2FA for authentication is enforced client-side instead of server-side and can be bypassed using a local proxy. EPSS estimates a 5.70% chance of exploitation in the next 30 days.
Description
Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement. The need to use 2FA for authentication is enforced client-side instead of server-side and can be bypassed using a local proxy, rendering 2FA useless.
Detailed description
During the login process, after the user authenticates with username and password, the server sends a response to the client with the booleans MFARequired and MFAEnroled. If an attacker who has obtained a user's password uses an intercepting proxy (e.g. Burp Suite) to change the value of MFARequired from True to False, there is no prompt for the second factor, but the user is still logged in.
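As an added illustration (not code from the advisory, from DIVD or from Kaseya), the following minimal login flow contrasts the vulnerable pattern, in which the server honours a client-echoed MFARequired flag, with a hardened flow that keeps the MFA decision in server-side session state. All usernames, passwords and OTP values are constructed.

```python
import secrets

# Constructed user store. Whether a user is enrolled in MFA is server-side state.
USERS = {
    "alice": {"password": "correct-horse", "mfa_enrolled": True, "otp": "123456"},
    "bob":   {"password": "battery-staple", "mfa_enrolled": False, "otp": None},
}
SESSIONS = {}  # token -> {"user": ..., "state": "awaiting_mfa" | "authenticated"}

def vulnerable_login(username, password, client_claims):
    """Vulnerable pattern: after the password check the server trusts the
    MFARequired boolean sent back by the client to decide whether to ask
    for the second factor. Anything the client controls is not a control."""
    user = USERS.get(username)
    if user is None or user["password"] != password:
        return "denied"
    if client_claims.get("MFARequired", True):   # attacker-controllable decision
        return "needs_otp"
    return "logged_in"

def password_step(username, password):
    """Hardened step 1: verify the password and record in the server's own
    session whether a second factor is still outstanding. Returns a token."""
    user = USERS.get(username)
    if user is None or user["password"] != password:
        return None
    token = secrets.token_hex(16)
    state = "awaiting_mfa" if user["mfa_enrolled"] else "authenticated"
    SESSIONS[token] = {"user": username, "state": state}
    return token

def otp_step(token, otp):
    """Hardened step 2: only a correct OTP promotes a session to authenticated."""
    sess = SESSIONS.get(token)
    if sess is None or sess["state"] != "awaiting_mfa":
        return False
    if secrets.compare_digest(otp, USERS[sess["user"]]["otp"]):
        sess["state"] = "authenticated"
        return True
    return False

def is_authenticated(token, client_claims=None):
    """Hardened check: the client-supplied MFARequired flag (if any) is ignored;
    only the server-side session state grants access."""
    sess = SESSIONS.get(token)
    return sess is not None and sess["state"] == "authenticated"
```

A server that applies this pattern can additionally log any request whose client-side MFARequired value disagrees with its own session state, which is a useful detection signal for tampering.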
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Kaseya | Vsa | <= 9.5.6 |
References
- https://csirt.divd.nl/2021/07/07/Kaseya-Limited-Disclosure/ (Patch, Third Party Advisory)
- https://csrit.divd.nl/CVE-2021-30120 (Permissions Required, Third Party Advisory)
- https://csrit.divd.nl/DIVD-2021-00011 (Permissions Required, Third Party Advisory)
Source: NVD / NIST
