My First CVE! [CVE-2017-18362]

Posted 2019-02-06 by kbni [permalink]

So this is kind of exciting, but an exploit I discovered for a Kaseya plugin written by Connectwise called ManagedITSync has finally had a CVE allocated to it, over a year after being disclosed to both Connectwise and Kaseya. Why? Because Chinese hackers started using the exploit to attack MSPs, such as this one, with about 80 clients. Thanks to Kyle at Huntress Labs attributing credit to me, and getting a CVE allocated after all this time.

Links:


Previous: 2018 September Roadtrip (2018-09-19)
Next: I'm a Security Researcher now! (2019-08-20)