CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-11138

The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.868

EPSS Ranking 99.4%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

Proposed Action

The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance is accessible by anonymous users and can be abused to perform remote code execution.

Ransomware Campaign

Known

References

https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities
https://www.exploit-db.com/exploits/44950/
https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities
https://www.exploit-db.com/exploits/44950/

Products affected by CVE-2018-11138

Quest » Kace System Management Appliance » Version: 8.0.318

cpe:2.3:a:quest:kace_system_management_appliance:8.0.318

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-11138

Products

Pricing

Contact Us