CVE-2018-11138

CVSS 9.8 (CRITICAL) · EPSS 91.9% · CISA KEV · CWE-78
Vexday Risk Score: 100 (Fix now)
SSVC decision (CISA): Act (exploitation + impact, so act immediately)
CVSS 9.8 · EPSS 91.9% · KEV: yes · Public PoC: yes · Patch available
Lifecycle
31 May 2018: published on NVD
27 Jun 2018: public PoC
25 Mar 2022: active exploitation (added to CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

An unprotected script in Quest KACE allows anyone on the internet to run any command they want on the server. This is extremely dangerous because attackers can take complete control of the system without needing a password.

Technical detail

CWE-78 (OS Command Injection) via unauthenticated access to '/common/download_agent_installer.php' in KACE 8.0.318. The script neither validates user input nor performs any authorization check, so a remote attacker can inject arbitrary OS commands that execute with system privileges. The impact is complete compromise of the appliance.

Summary generated and translated by AI from the official description.
The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system.
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products: n/a · n/a