{"vuid":"VU#204988","idnumber":"204988","name":"Kaseya's agent driver contains NULL pointer dereference","keywords":["kaseya","agent","kapfa.sys","driver","null","pointer","dereference","cwe-476"],"overview":"Kaseya's agent driver, kapfa.sys, is vulnerable to a NULL pointer dereference.","clean_desc":"CWE-476: NULL Pointer Dereference\nKaseya's agent driver, kapfa.sys, is vulnerable to a NULL pointer dereference.","impact":"A local authenticated attacker may be able to cause a denial-of-service condition or achieve code execution with the privileges of the Windows kernel.","resolution":"Kaseya has released patches with the following instructions: \"For VSA Version 7.0, install patch 7.0.0.16 and then update your agents to version 7.0.0.3 or higher (Agent-> Upgrade Agent->Update Agent). For VSA Version 6.5, install patch 6.5.0.17 and then update your agents to version 6.5.0.2 or higher (Agent-> Upgrade Agent->Update Agent). For VSA 6.3 or earlier, it is recommended to upgrade the system to version 6.5 or 7.0.\"","workarounds":"","sysaffected":"","thanks":"Thanks to Bill Finlayson for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":["http://www.kaseya.com/","https://cwe.mitre.org/data/definitions/476.html"],"cveids":["CVE-2014-2926"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2014-03-12T14:03:00Z","publicdate":"2014-07-14T00:00:00Z","datefirstpublished":"2014-07-14T12:45:31Z","dateupdated":"2014-07-28T13:54:58Z","revision":27,"vrda_d1_directreport":"1","vrda_d1_population":"1","vrda_d1_impact":"1","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"L","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"U","cvss_reportconfidence":"UC","cvss_collateraldamagepotential":"L","cvss_targetdistribution":"L","cvss_securityrequirementscr":"L","cvss_securityrequirementsir":"M","cvss_securityrequirementsar":"H","cvss_basescore":"6.8","cvss_basevector":"AV:L/AC:L/Au:S/C:C/I:C/A:C","cvss_temporalscore":"5.5","cvss_environmentalscore":"1.483749615616","cvss_environmentalvector":"CDP:L/TD:L/CR:L/IR:M/AR:H","metric":0.0,"vulnote":null}