Security researchers warn of three new zero-day vulnerabilities in the Kaseya Unitrends service and advise users not to expose the service to the Internet. The Dutch Institute for Vulnerability Disclosure (DIVD) issued a TLP:AMBER advisory about three unpatched vulnerabilities last week. The vulnerabilities affect a mixture of authenticated remote code execution, authenticated privilege escalation, and unauthenticated remote execution on the client side. The amount of vulnerable instances is low, but they have been found in sensitive industries, says DIVD Chairman Victor Gevers.
Source: https://www.bleepingcomputer.com/news/security/researchers-warn-of-unpatched-kaseya-unitrends-backup-vulnerabilities/