CyberSec.Space Logo
Back to CVE Browser

CVE-2018-11138

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score45.3950%
EPSS Percentile88.49th
PublishedMay 31, 2018
Last ModifiedNov 5, 2025

Vulnerability Description

The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system.

Affected Platforms (CPE)

πŸ“¦
Quest

Kace System Management Appliance

= 8.0.318

References & Advisories

πŸ”— https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities
πŸ”— https://www.exploit-db.com/exploits/44950/
πŸ”— https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities
πŸ”— https://www.exploit-db.com/exploits/44950/
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11138

Related Vulnerabilities

CVE-2019-205049.8

service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 (6.4.120822) allows a remote attacker to exec...

CVE-2017-125679.8

SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 thro...

CVE-2019-129189.8

Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. The affected file is softwar...

CVE-2018-111369.8

The 'orgID' parameter received by the '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance ...