Quest KACE System Management Appliance 8.0.318 - Remote Code Execution

CVE-2018-11138

Verified

Description

The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system.

Severity

Critical

CVSS Score

9.8

Exploit Probability

92%

Affected Product

kace_system_management_appliance

Published Date

October 13, 2025

Template Author

ritikchaddha

CVE-2018-11138.yaml

id: CVE-2018-11138

info:
  name: Quest KACE System Management Appliance 8.0.318 - Remote Code Execution
  author: ritikchaddha
  severity: critical
  description: |
    The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system.
  impact: |
    An attacker can execute arbitrary commands on the affected system, potentially leading to complete system compromise, data theft, or further network exploitation.
  remediation: |
    Upgrade to a patched version of Quest KACE System Management Appliance or apply the necessary security patches provided by Quest Software.
  reference:
    - https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities
    - https://www.exploit-db.com/exploits/44950/
    - https://nvd.nist.gov/vuln/detail/CVE-2018-11138
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11138
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2018-11138
    cwe-id: CWE-78
    epss-score: 0.92008
    epss-percentile: 0.99692
    cpe: cpe:2.3:a:quest:kace_system_management_appliance:8.0.318:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: quest
    product: kace_system_management_appliance
    fofa-query: icon_hash="-463230636"
  tags: cve,cve2018,quest,kace,rce,kev,passive,vkev,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    host-redirects: true
    matchers:
      - type: dsl
        dsl:
          - 'contains_any(tolower(body), "kace", "quest")'
          - 'compare_versions(detected_version, "8.0.318")'
        condition: and

    extractors:
      - type: regex
        part: body
        name: detected_version
        group: 1
        regex:
          - '\?build=([0-9.]+)'
# digest: 4a0a00473045022100a7738d57c93c2592d1dff46507c97a1cfea674049e56a463ec8932673ed416ae022079bf91d09e2c5c9d1f75b149d3df1672ed53599e826d0bc0afdf208b51f9aabc:922c64590222798bb761d5b6d8e72950

9.8Score

CVSS Metrics

CVSS Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE ID:

cve-2018-11138

CWE ID:

cwe-78

References

https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities https://www.exploit-db.com/exploits/44950/https://nvd.nist.gov/vuln/detail/CVE-2018-11138 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11138

Remediation Steps

Upgrade to a patched version of Quest KACE System Management Appliance or apply the necessary security patches provided by Quest Software.

id: CVE-2018-11138

info:
  name: Quest KACE System Management Appliance 8.0.318 - Remote Code Execution
  author: ritikchaddha
  severity: critical
  description: |
    The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system.
  impact: |
    An attacker can execute arbitrary commands on the affected system, potentially leading to complete system compromise, data theft, or further network exploitation.
  remediation: |
    Upgrade to a patched version of Quest KACE System Management Appliance or apply the necessary security patches provided by Quest Software.
  reference:
    - https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities
    - https://www.exploit-db.com/exploits/44950/
    - https://nvd.nist.gov/vuln/detail/CVE-2018-11138
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11138
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2018-11138
    cwe-id: CWE-78
    epss-score: 0.92008
    epss-percentile: 0.99692
    cpe: cpe:2.3:a:quest:kace_system_management_appliance:8.0.318:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: quest
    product: kace_system_management_appliance
    fofa-query: icon_hash="-463230636"
  tags: cve,cve2018,quest,kace,rce,kev,passive,vkev,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    host-redirects: true
    matchers:
      - type: dsl
        dsl:
          - 'contains_any(tolower(body), "kace", "quest")'
          - 'compare_versions(detected_version, "8.0.318")'
        condition: and

    extractors:
      - type: regex
        part: body
        name: detected_version
        group: 1
        regex:
          - '\?build=([0-9.]+)'
# digest: 4a0a00473045022100a7738d57c93c2592d1dff46507c97a1cfea674049e56a463ec8932673ed416ae022079bf91d09e2c5c9d1f75b149d3df1672ed53599e826d0bc0afdf208b51f9aabc:922c64590222798bb761d5b6d8e72950

Quest KACE System Management Appliance 8.0.318 - Remote Code Execution

Description

Severity

CVSS Score

Exploit Probability

Affected Product

Published Date

Template Author

Nuclei Template

CVSS Metrics

References

Remediation Steps

Quest KACE System Management Appliance 8.0.318 - Remote Code Execution

Description

Severity

CVSS Score

Exploit Probability

Affected Product

Published Date

Template Author

Nuclei Template

CVSS Metrics

References

Remediation Steps