CVE-2018-11132

by Fred · 31/05/2018

In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue that runs daemonized with root privileges and only allows a set of commands to be executed. A command injection vulnerability exists within this message queue which allows low-privilege users to append arbitrary commands that will be run as root.

Date published : 2018-05-31

https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities

CVE-2018-11132

Similar

Recent Posts

Categories

CVE-2018-11132

Share this:

Similar

Recent Posts

Categories

Tags