Command Injection Vulnerability in Quest KACE System Management Appliance
CVE-2018-11132

8.8HIGH

Key Information:

Vendor: Quest
Status: Kace System Management Appliance
Vendor: CVE Published:; 31 May 2018

What is CVE-2018-11132?

A command injection vulnerability in the Quest KACE System Management Appliance (version 8.0.318) allows low-privilege users to execute arbitrary commands with root privileges through a compromised message queue mechanism. This vulnerability enables unauthorized users to perform sensitive actions, posing significant security risks for systems relying on this appliance.

References

https://www.coresecurity.com/advisories/quest-kace-system...

x_refsource_MISC

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 31, 2018
Vulnerability Reserved
May 15, 2018