← ExploitWatch
HomeExploited Vulnerabilities

CVE-2018-11138 — Actively Exploited: KACE System Management Appliance (Quest)

The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance is accessible by anonymous users and can be abused to perform remote code execution.

CVE IDCVE-2018-11138
VendorQuest
ProductKACE System Management Appliance
Vulnerability nameQuest KACE System Management Appliance Remote Command Execution Vulnerability
Date added2022-03-25
Remediation due2022-04-15
Known ransomware useKnown
Required actionApply updates per vendor instructions.
DescriptionThe '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance is accessible by anonymous users and can be abused to perform remote code execution.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →