CVE-2018-11138

Quest KACE System Management Appliance Remote Command Execution Vulnerability

The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance is accessible by anonymous users and can be abused to perform remote code execution. Vendor/Product: Quest KACE System Management Appliance. Added to CISA KEV 2022-03-25; required action: Apply updates per vendor instructions.

Category: Vulnerability, Known Exploited

Reference: NVD CVE-2018-11138