CVE-2018-11138

Опубликовано: 31 мая 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Критический

Описание

The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system.

Ссылки

https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities
Exploit
Technical Description
Third Party Advisory
https://www.exploit-db.com/exploits/44950/
Exploit
Third Party Advisory
VDB Entry
https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities
Exploit
Technical Description
Third Party Advisory
https://www.exploit-db.com/exploits/44950/
Exploit
Third Party Advisory
VDB Entry
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11138
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:quest:kace_system_management_appliance:8.0.318:*:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.92008

Критический

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-8m62-73pq-x847