Cybersecurity Alerts

Actively Exploited Vulnerabilities

← Back to Cybersecurity Alerts

CVE-2018-11138

Quest | KACE System Management ApplianceAdded 2022-03-25Remediation Deadline 2022-04-15Active Ransomware Campaign

Quest KACE System Management Appliance Remote Command Execution Vulnerability

The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance is accessible by anonymous users and can be abused to perform remote code execution.

Required Action

Apply updates per vendor instructions.

Weakness Classification

CWE-78

References