Security Bulletin - Connect IT Community | Kaseya
<main> <article class="userContent">
<p><strong>DATE: July 28, 2021</strong></p>
<p><strong>AFFECTED PRODUCTS:</strong></p>
<p>Unitrends Recovery Series and MAX hardware appliances</p>
<p>Unitrends Backup virtual appliances</p>
<p>Kaseya Unified Backup</p>
<p>NOTE: Unitrends/Kaseya EndPoint Backup (aka Cloud Backup, Direct to Cloud Backup), KCB, BUDR, KDB and Spanning Backup products <strong>ARE NOT</strong> affected.</p>
<p><strong>Overview:</strong></p>
<p>As part of a continuous security focus across our products, Unitrends works with third-party security firms to ensure the highest level of protection for our customers.</p>
<p>Earlier this month, potential security vulnerabilities were discovered, and we immediately began working on a maintenance release. However, due to an unfortunate procedural error by the security researcher, the names of the potential vulnerabilities were prematurely posted and picked up by an industry publication.</p>
<p>There has been <strong>NO KNOWN EXPLOIT of this vulnerability being used, no technical details disclosed, and no proof of concept disclosed.</strong></p>
<p><strong>MITIGATION</strong></p>
<ul>
<li>For machines with Unitrends agents that are exposed to the internet, configure the firewall settings on those machines to allow inbound TCP on ports 1743-1749 only from &lt;Unitrends Appliance IP address&gt;.
<ul>
<li>Example steps are outlined in the following KB: <a rel="nofollow" href="https://support.unitrends.com/hc/en-us/articles/4404684084369-RCE-KB">https://support.unitrends.com/hc/en-us/articles/4404684084369-RCE-KB</a></li>
</ul>
</li>
<li>For Unitrends Appliances, we reiterate the existing mandate from our implementation guide that users should never expose the appliance Web UI or SSH connections to open external ports. Ensure you are following our existing <strong>Unitrends Firewall Requirements:</strong> <a rel="nofollow" href="https://support.unitrends.com/hc/en-us/articles/360013264518">https://support.unitrends.com/hc/en-us/articles/360013264518</a></li>
</ul>
<p><strong>PATCH</strong></p>
<p>Unitrends is working on a patch to resolve these issues. We expect fixes to be released in our August update.</p>
</article> </main>
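One way to check that the agent-port mitigation above is actually in place, as an added example that is not from the bulletin or the linked KB. It assumes a Linux agent host whose rules are available in `iptables-save` format; the function names, the appliance address 192.0.2.10 and the sample ruleset are constructed for illustration, and the check is per rule (it does not model rule order or the chain policy).

```python
import ipaddress
import shlex

AGENT_PORTS = set(range(1743, 1750))  # inbound TCP 1743-1749, per the bulletin
# Constructed sample in iptables-save format; all addresses are documentation ranges.
SAMPLE_RULESET = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 1743:1749 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22,1745 -j ACCEPT
-A INPUT -s 198.51.100.0/24 -p tcp -m tcp --dport 1700:1800 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""

def dest_ports(tokens):
    """Ports matched by --dport/--dports; None means the rule names no port (all ports)."""
    for flag in ("--dport", "--dports"):
        if flag in tokens:
            ports = set()
            for part in tokens[tokens.index(flag) + 1].split(","):
                low, _, high = part.partition(":")
                ports.update(range(int(low), int(high or low) + 1))
            return ports
    return None

def exposed_rules(ruleset, appliance_ip):
    """Return INPUT ACCEPT rules admitting TCP 1743-1749 from any source but the appliance."""
    appliance = ipaddress.ip_network(appliance_ip)  # a bare address becomes a /32
    findings = []
    for line in ruleset.splitlines():
        t = shlex.split(line)
        if t[:2] != ["-A", "INPUT"] or t[-2:] != ["-j", "ACCEPT"]:
            continue
        if "-p" not in t or t[t.index("-p") + 1] != "tcp":
            continue  # only explicit TCP rules are examined
        ports = dest_ports(t)
        if ports is not None and not (ports & AGENT_PORTS):
            continue
        # No -s, or any negated match, is treated as "any source" (conservative).
        src = "0.0.0.0/0" if "-s" not in t or "!" in t else t[t.index("-s") + 1]
        if not ipaddress.ip_network(src, strict=False).subnet_of(appliance):
            findings.append(line.strip())
    return findings

if __name__ == "__main__":
    for rule in exposed_rules(SAMPLE_RULESET, "192.0.2.10"):
        print("EXPOSED:", rule)
```

An empty result means every explicit TCP ACCEPT rule covering the agent ports is scoped to the appliance address; any rule it returns should be narrowed or removed.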