PT-2018-10325 · Quest · Quest Kace System Management Appliance

Published: 2018-05-31 · Updated: 2018-06-29 · CVE-2018-11134

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Quest KACE System Management Appliance version 8.0.318

Description: The issue allows a low-privilege user to change the password of any user, including the 'kace support' account, which has full sudo privileges. This is possible due to a command in the message queue manager that runs with root privileges.

Recommendations: For Quest KACE System Management Appliance version 8.0.318, consider disabling the kace support account or restricting its sudo privileges until a patch is available. As a temporary workaround, restrict access to the message queue manager to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration

Related Identifiers

CVE-2018-11134

Affected Products

Quest Kace System Management Appliance