CVE-2019-10973

HIGH

Quest KACE Systems Management Appliance < 8.0.320 - Unauthenticated Unintended Access via Troubleshooting Tools

Title source: llm
STIX 2.1

Description

Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the troubleshooting tools located in the administrator user interface.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/109001
Patch, Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsa-19-183-02

Scores

CVSS v3 7.2
EPSS 0.0242
EPSS Percentile 82.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (1)
quest/kace_systems_management_appliance 8.0.0 - 8.0.320
Published Jul 08, 2019
Tracked Since Feb 18, 2026