Vulnerability Details CVE-2021-44029
An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows attackers to execute remote code through a deserialization exploitation in the RadAsyncUpload function of ASP.NET AJAX. An attacker can leverage this vulnerability when the encryption keys are known (due to the presence of CVE-2017-11317, CVE-2017-11357, or other means). A default setting for the type whitelisting feature in more current versions of ASP.NET AJAX prevents exploitation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2021-44029
-
cpe:2.3:a:quest:kace_desktop_authority:10.0
-
cpe:2.3:a:quest:kace_desktop_authority:10.1
-
cpe:2.3:a:quest:kace_desktop_authority:10.2
-
cpe:2.3:a:quest:kace_desktop_authority:11.0
-
cpe:2.3:a:quest:kace_desktop_authority:11.1