CVE-2018-11134

HIGH

Quest Kace System Management Appliance - Password Reset Weakness

Title source: rule

Description

In order to perform actions that requires higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue managed that runs with root privileges and only allows a set of commands. One of the available commands allows changing any user's password (including root). A low-privilege user could abuse this feature by changing the password of the 'kace_support' account, which comes disabled by default but has full sudo privileges.

References (1)

[Exploit, Technical Description, Third Party Advisory] https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities

Scores

CVSS v3 8.8

EPSS 0.0056

EPSS Percentile 68.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-640

Status published

Products (1)

quest/kace_system_management_appliance 8.0.318

Published May 31, 2018

Tracked Since Feb 18, 2026