PT-2018-10329 · Quest · Quest Kace System Management Appliance

Guido Leo +1 · Published 2018-05-31 · Updated 2025-11-05 · CVE-2018-11138

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Quest KACE System Management Appliance version 8.0.318

Description

The "/common/download_agent_installer.php" script is accessible to anonymous users and can be exploited to execute arbitrary commands on the system.

Recommendations

For Quest KACE System Management Appliance version 8.0.318, restrict access to the "/common/download_agent_installer.php" script to prevent anonymous users from executing arbitrary commands.

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2018-11138

Affected Products

Quest Kace System Management Appliance