Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name	HTTP:CVE-2018-11138-CMD-INJ
Severity	Major
Recommended	No
Recommended Action	Drop
Category	HTTP
Keywords	Quest Kace Systems management CVE-2018-11138 Command Injection
Release Date	2019/02/04
Update Number	3139
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Quest Kace Systems management CVE-2018-11138 Command Injection

This signature detects attempts to exploit a known vulnerability against Quest Kace Systems Management. Successful attack could lead to Command Injection.

Extended Description

The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system.

Affected Products

Quest kace_system_management_appliance 8.0.318

References

CVE: CVE-2018-11138
URL: https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities

Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Quest Kace Systems management CVE-2018-11138 Command Injection

Extended Description

Affected Products

References