CyberSec.Space Logo
Back to CVE Browser

CVE-2019-20504

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0640%
EPSS Percentile36.01th
PublishedMar 9, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 (6.4.120822) allows a remote attacker to execute code via shell metacharacters in the kuid parameter.

Affected Platforms (CPE)

📦
Quest

Kace Systems Management

< 6.4.120822

References & Advisories

🔗 https://www.rcesecurity.com/2019/04/dell-kace-k1000-remote-code-execution-the-story-of-bug-k1-18652/
🔗 https://www.rcesecurity.com/2019/04/dell-kace-k1000-remote-code-execution-the-story-of-bug-k1-18652/

Related Vulnerabilities

CVE-2018-111369.8

The 'orgID' parameter received by the '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance ...

CVE-2017-125679.8

SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 thro...

CVE-2019-129189.8

Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. The affected file is softwar...

CVE-2018-111389.8

The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous...