CVEブラウザに戻る

CVE-2018-11138

Known Exploited (CISA KEV)CRITICAL

9.8

CVSS Severity Score

EPSS Score45.3950%

EPSS Percentile88.49th

Published2018年5月31日

Last Modified2025年11月5日

Vulnerability Description

The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system.

Affected Platforms (CPE)

📦

Quest

Kace System Management Appliance

= 8.0.318

References & Advisories

🔗 https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities

🔗 https://www.exploit-db.com/exploits/44950/

🔗 https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities

🔗 https://www.exploit-db.com/exploits/44950/

🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11138

関連する脆弱性情報

CVE-2019-205049.8

service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 (6.4.120822) allows a remote attacker to exec...

CVE-2017-125679.8

SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 thro...

CVE-2019-129189.8

Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. The affected file is softwar...

CVE-2018-111369.8

The 'orgID' parameter received by the '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance ...