PatchSiren cyber security CVE debrief
CVE-2017-18362 Kaseya CVE debrief
CVE-2017-18362 is a SQL injection vulnerability in Kaseya Virtual System/Server Administrator (VSA) that CISA added to the Known Exploited Vulnerabilities catalog. The supplied CISA record says the impacted product is end-of-life, should be disconnected if still in use, and has known ransomware campaign use.
- Vendor: Kaseya
- Product: Virtual System/Server Administrator (VSA)
- CVSS: Unknown
- CISA KEV: Listed
- Original CVE published: 2022-05-24
- Original CVE updated: 2022-05-24
- Advisory published: 2022-05-24
- Advisory updated: 2022-05-24
Who should care
Kaseya VSA administrators, MSPs using VSA, incident responders, and asset owners responsible for legacy remote-management systems should treat this as urgent. Organizations that still have any VSA footprint should verify whether it is exposed or still connected to production networks.
Technical summary
The available source corpus identifies the issue as a SQL injection vulnerability affecting Kaseya VSA. CISA’s KEV entry marks it as known exploited, notes known ransomware campaign use, and indicates the impacted product is end-of-life. No CVSS score was provided in the supplied data.
Defensive priority
High. Known exploitation plus ransomware association and end-of-life product status make this a priority for immediate inventory, isolation, and retirement actions.
Recommended defensive actions
- Inventory all Kaseya VSA deployments and confirm whether any instance remains active.
- If VSA is still in use, follow the CISA guidance in the KEV record and disconnect the end-of-life product.
- Prioritize removal or replacement of any exposed or legacy VSA installation.
- Review administrative access and monitoring data around any VSA instance for signs of unauthorized activity.
- Use the official CVE and NVD records to confirm current advisory status and any vendor-linked remediation guidance.
Evidence notes
This debrief is based only on the supplied CISA KEV metadata and the official CVE/NVD links. The source record explicitly states that the product is end-of-life, that it should be disconnected if still in use, and that known ransomware campaign use is present. No CVSS score was included in the supplied corpus.
Official resources
- CVE-2017-18362 CVE record (CVE.org)
- CVE-2017-18362 NVD detail (NVD)
- CISA Known Exploited Vulnerabilities catalog (CISA) - The impacted product is end-of-life and should be disconnected if still in use.
- Source item URL (cisa_kev)
CISA added CVE-2017-18362 to the Known Exploited Vulnerabilities catalog on 2022-05-24 and set the remediation due date to 2022-06-14. The supplied source also marks known ransomware campaign use.