PT-2024-20077 · Quest · Quest Kace Agent For Windows
Tom Norfolk · Published 2024-04-30 · Updated 2024-08-09
CVE-2024-23773
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Quest KACE Agent for Windows versions 12.0.38 through 13.1.23.0
Description
An issue exists in the KSchedulerSvc.exe component, allowing local attackers to delete any file of their choice with NT AUTHORITY\SYSTEM privileges. This is due to an arbitrary file delete vulnerability.
Recommendations
For version 12.0.38, consider disabling the KSchedulerSvc.exe component until a patch is available.
For version 13.1.23.0, restrict access to the KSchedulerSvc.exe component to minimize the risk of exploitation.
As a temporary workaround, consider implementing additional access controls to limit the privileges of the NT AUTHORITY\SYSTEM account.
Fix
Path traversal
Affected Products
Quest Kace Agent For Windows