Vulnerability Details CVE-2018-11134
In order to perform actions that requires higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue managed that runs with root privileges and only allows a set of commands. One of the available commands allows changing any user's password (including root). A low-privilege user could abuse this feature by changing the password of the 'kace_support' account, which comes disabled by default but has full sudo privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.1%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
Products affected by CVE-2018-11134
-
cpe:2.3:a:quest:kace_system_management_appliance:8.0.318