Directory Traversal Vulnerability in Quest KACE System Management Appliance
CVE-2018-11137

6.5MEDIUM

Key Information:

Vendor

Quest

Status
Kace System Management Appliance
Vendor
CVE Published:
31 May 2018

What is CVE-2018-11137?

The Quest KACE System Management Appliance 8.0.318 contains a vulnerability in the '/common/download_attachment.php' script where the 'checksum' parameter can be exploited to perform a directory traversal attack. This allows attackers to read arbitrary files within the system using 'www' privileges, without requiring administrator access. This vulnerability raises significant security concerns as it potentially exposes sensitive files and data.

References

https://www.coresecurity.com/advisories/quest-kace-system...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2018-11137 : Directory Traversal Vulnerability in Quest KACE System Management Appliance