Scripts are written to disk however they are not checked for integrity prior to execution. It will pull scripts and binaries to this folder and execute them from disk from the controlling web application.īy default the *Authenticated Users* group has all rights to this folder. The agent also has a default working folder C:\kworking\ ![]() The Kaseya agent (agentmon.exe) runs as SYSTEM by default. The root cause for both issues is allowing a low privileged group excessive permissions to a folder used by a elevated process. ![]() ![]() # Exploit Title: Kaseya VSA agent CVE-2017-12410 found by Filip Palian.Ī a fix was put in place for the original CVE, however it was specific to binaries and not scripts.
0 Comments
Leave a Reply. |