Skip to main content
All vulnerabilities
CVE-2018-11138 Known ransomware use

Quest KACE System Management Appliance Remote Command Execution Vulnerability

QuestKACE System Management Appliance

Added to KEV catalog
25 March 2022
Federal remediation due date
15 April 2022
Weakness classification (CWE)
CWE-78

CISA Description

The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance is accessible by anonymous users and can be abused to perform remote code execution.

Required action

Apply updates per vendor instructions.

Notes

https://nvd.nist.gov/vuln/detail/CVE-2018-11138

Confirm Your Exposure

Is this vulnerability present in your environment?

CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.

Explore VAPT Services