Follow

Response to NULL Pointer Dereference Vulnerability (CVE-2014-2926)

Overview:

The Kaseya Virtual Systems Administrator (VSA) agent component contains a NULL pointer deference flaw which is outlined in CVE-2014-2926.

Impact:

Kaseya's agent driver is vulnerable to a NULL pointer dereference.  A local authenticated attacker may be able to trigger a NULL pointer dereference in the local agent driver causing a denial of service (crash of the agent service).  This only impacts the specific machine the agent is installed on and requires a locally authenticated user to trigger the event.

Affected Versions:

All

Solution:

For VSA Version 7.0, install patch 7.0.0.16 and then update your agents to version 7.0.0.3 or higher (Agent-> Upgrade Agent->Update Agent).

For VSA Version 6.5, install patch 6.5.0.17 and then update your agents to version 6.5.0.2 or higher (Agent-> Upgrade Agent->Update Agent).

For VSA 6.3 or earlier, it is recommended to upgrade the system to version 6.5 or 7.0.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Article is closed for comments.