CVE-2019-20504

CRITICAL EXPLOITED NUCLEI

Quest Kace Systems Management < 6.4.120822 - OS Command Injection

Title source: rule

Description

service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 (6.4.120822) allows a remote attacker to execute code via shell metacharacters in the kuid parameter.

Nuclei Templates (1)

Dell KACE Systems Management Appliance (K1000) 6.4.120756 - Remote Code Execution

CRITICALVERIFIEDby DhiyaneshDk

Shodan: html:"K1000 Logo"

References (1)

[Exploit, Third Party Advisory] https://www.rcesecurity.com/2019/04/dell-kace-k1000-remote-code-execution-the-story-of-bug-k1-18652/

Scores

CVSS v3 9.8

EPSS 0.5581

EPSS Percentile 98.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-06-29

CWE

CWE-78

Status published

Products (1)

quest/kace_systems_management < 6.4.120822

Published Mar 09, 2020

Tracked Since Feb 18, 2026