PT-2024-20076 · Quest · Kace Agent
Tom Norfolk · Published 2024-04-30 · Updated 2024-08-09
CVE-2024-23772
CVSS v3.1: 6.6 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Quest KACE Agent for Windows versions 12.0.38 through 13.1.23.0
Description
An arbitrary file create vulnerability exists in the KSchedulerSvc.exe, KUserAlert.exe, and Runkbot.exe components. It allows local attackers to create any file of their choice with NT AUTHORITY\SYSTEM privileges.
Recommendations
For version 12.0.38, consider disabling the KSchedulerSvc.exe, KUserAlert.exe, and Runkbot.exe components until a patch is available.
For version 13.1.23.0, consider disabling the KSchedulerSvc.exe, KUserAlert.exe, and Runkbot.exe components until a patch is available.
As a temporary workaround, restrict access to the vulnerable components to minimize the risk of exploitation.
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Kace Agent