CVE-2018-11132 is a vulnerability in Quest Software Kace System Management Appliance
Published on May 31, 2018
In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue that runs daemonized with root privileges and only allows a set of commands to be executed. A command injection vulnerability exists within this message queue which allows low-privilege users to append arbitrary commands that will be run as root.
Products Associated with CVE-2018-11132
Want to know whenever a new CVE is published for Quest Software Kace System Management Appliance? stack.watch will email you.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.