Home/CVEs/CVE-2018-11138/

CVE-2018-11138 - Quest KACE System Management Appliance Remote Command Execution Vulnerability

Project:Quest

Product:KACE System Management Appliance

Date Added:2022-03-25Due Date:2022-04-15

Vulnerability Name

Quest KACE System Management Appliance Remote Command Execution Vulnerability

Description

The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance is accessible by anonymous users and can be abused to perform remote code execution.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply updates per vendor instructions.

Additional Notes

https://nvd.nist.gov/vuln/detail/CVE-2018-11138