PT-2022-19841 · Quest · Quest Kace System Management Appliance
Published: 2022-08-02 · Updated: 2022-08-10
CVE-2022-29807
CVSS v3.1
9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Quest KACE Systems Management Appliance (SMA) versions prior to 12.0
Description
A SQL injection issue exists that can allow for remote code execution via the "download_agent_installer.php" endpoint.
Recommendations
For versions prior to 12.0, update to version 12.0 or later to resolve the issue.
As a temporary workaround, consider restricting access to the "download_agent_installer.php" endpoint until a patch is available.
Fix
RCE
SQL injection
Affected Products
Quest Kace System Management Appliance