ACTIVELY EXPLOITED3 sources verified·1 min read
By Lyrie Threat Intelligence·5/24/2022
CVE-2017-18362 added to CISA KEV: Kaseya Virtual System/Server Administrator (VSA)
Status: ✅ Confirmed exploited in the wild
Date added: 2022-05-24
Required action: The impacted product is end-of-life and should be disconnected if still in use.
Due date: 2022-06-14
Why this matters
ConnectWise ManagedITSync integration for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database.
Sources
Lyrie Verdict
Lyrie's autonomous detection layer catches active exploitation primitives at machine speed — closing the gap between disclosure and weaponization that traditional defense simply can't cover.