Описание
service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 (6.4.120822) allows a remote attacker to execute code via shell metacharacters in the kuid parameter.
Ссылки
- https://www.rcesecurity.com/2019/04/dell-kace-k1000-remote-code-execution-the-story-of-bug-k1-18652/ExploitThird Party Advisory
- https://www.rcesecurity.com/2019/04/dell-kace-k1000-remote-code-execution-the-story-of-bug-k1-18652/ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.4.120822 (исключая)
cpe:2.3:a:quest:kace_systems_management:*:*:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.55808
Средний
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-78
Связанные уязвимости
github
больше 3 лет назад
service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 (6.4.120822) allows a remote attacker to execute code via shell metacharacters in the kuid parameter.
EPSS
Процентиль: 98%
0.55808
Средний
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-78