PT-2018-10329 · Quest · Quest Kace System Management Appliance

Guido Leo

Publicado

2018-05-31

Atualizado

2025-11-05

CVE-2018-11138

CVSS v3.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Quest KACE System Management Appliance version 8.0.318

Description The issue concerns the accessibility of the "/common/download agent installer.php" script by anonymous users, which can be exploited to execute arbitrary commands on the system.

Recommendations For Quest KACE System Management Appliance version 8.0.318, restrict access to the "/common/download agent installer.php" script to prevent anonymous users from executing arbitrary commands.

Exploit

Correção

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

CVE-2018-11138

Produtos afetados

Quest Kace System Management Appliance

PT-2018-10329 · Quest · Quest Kace System Management Appliance

CVE-2018-11138

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9