vulnerability

Quest KACE Systems Management Appliance: CVE-2018-11138: Improper Neutralization of Special Elements used in an OS Command

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	May 31, 2018	Sep 1, 2025	Sep 1, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

May 31, 2018

Added

Sep 1, 2025

Modified

Sep 1, 2025

Description

The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system.

Solution

quest-kace-systems-management-appliance-upgrade-latest

References

CVE-2018-11138
https://attackerkb.com/topics/CVE-2018-11138
URL-https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities
URL-https://www.exploit-db.com/exploits/44950/
CWE-78

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today