{"containers":{"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2019-02-04T00:00:00.000Z","descriptions":[{"lang":"en","value":"Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. In January 2018, attackers actively exploited this vulnerability in the wild."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2019-02-05T05:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_MISC"],"url":"https://blog.huntresslabs.com/deep-dive-kaseya-vsa-mining-payload-c0ac839a0e88"},{"tags":["x_refsource_MISC"],"url":"https://helpdesk.kaseya.com/hc/en-gb/articles/360000333152"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2018-20753","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. In January 2018, attackers actively exploited this vulnerability in the wild."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://blog.huntresslabs.com/deep-dive-kaseya-vsa-mining-payload-c0ac839a0e88","refsource":"MISC","url":"https://blog.huntresslabs.com/deep-dive-kaseya-vsa-mining-payload-c0ac839a0e88"},{"name":"https://helpdesk.kaseya.com/hc/en-gb/articles/360000333152","refsource":"MISC","url":"https://helpdesk.kaseya.com/hc/en-gb/articles/360000333152"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T12:12:28.564Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://blog.huntresslabs.com/deep-dive-kaseya-vsa-mining-payload-c0ac839a0e88"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://helpdesk.kaseya.com/hc/en-gb/articles/360000333152"}]},{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":9.8,"attackVector":"NETWORK","baseSeverity":"CRITICAL","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"id":"CVE-2018-20753","role":"CISA Coordinator","options":[{"Exploitation":"active"},{"Automatable":"yes"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-02-04T20:37:19.719004Z"}}},{"other":{"type":"kev","content":{"dateAdded":"2022-04-13","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-20753"}}}],"references":[{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-20753","tags":["government-resource"]}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","description":"CWE-noinfo Not enough information"}]}],"timeline":[{"time":"2022-04-13T00:00:00.000Z","lang":"en","value":"CVE-2018-20753 added to CISA KEV"}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-21T23:45:43.693Z"}}]},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2018-20753","datePublished":"2019-02-05T05:00:00.000Z","dateReserved":"2019-02-04T00:00:00.000Z","dateUpdated":"2025-10-21T23:45:43.693Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}