What is SysAid Help Desk? #
SysAid provides IT help desk and ITSM software as both a cloud service and through an on-premise option.
Latest SysAid Help Desk vulnerability #
On the evening of November 8th Microsoft Threat Intelligence announced that they had discovered attacks by a ransomware gang against the SysAid Help Desk software using a zero-day exploit (CVE-2023-47246). These attacks leveraged a directory traversal vulnerability to upload a web shell and deliver the ransomware payload. SysAid has since published an advisory, complete with indicators of compromise, and made a patch available to customers. The Rapid7 blog has additional information about this issue.
Are updates available? #
SysAid Help Desk has released version 23.3.36 to address this issue.
How to find SysAid Help Desk with runZero #
SysAid Help Desk services can be found by navigating to the Service Inventory and using the following query:
_asset.protocol:{http} AND protocol:{http} AND (_service.favicon.ico.image.md5:="5f30870725d650d7377a134c74f41cfd" OR last.html.title:"SysAid")
Results from the above query should be triaged to determine if they require patching or vendor intervention.
As always, any prebuilt queries are available from your runZero console. Check out the documentation for other useful inventory queries.
