Verrideo - Security Researcher - Exploit Intelligence Platform

CVE-2024-23772 NOMISEC MEDIUM STUB

Quest KACE Agent for Windows <13.1.23.0 - File Create

An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file create vulnerability exists in the KSchedulerSvc.exe, KUserAlert.exe, and Runkbot.exe components. This allows local attackers to create any file of their choice with NT Authority\SYSTEM privileges.

CVSS 6.6

View Code

CVE-2024-23773 NOMISEC HIGH STUB

Quest KACE Agent <13.1.23.0 - Privilege Escalation

An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file delete vulnerability exists in the KSchedulerSvc.exe component. Local attackers can delete any file of their choice with NT Authority\SYSTEM privileges.

CVSS 7.8

View Code

CVE-2024-23774 NOMISEC HIGH STUB

Quest KACE Agent for Windows <13.1.23.0 - Code Injection

An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An unquoted Windows search path vulnerability exists in the KSchedulerSvc.exe and AMPTools.exe components. This allows local attackers to execute code of their choice with NT Authority\SYSTEM privileges.

CVSS 7.8

View Code