CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
82.5%
The Quest Kace System Management (K1000) Appliance contains multiple vulnerabilities, including a blind SQL injection vulnerability and a stored cross site scripting vulnerability. It also suffers from misconfigurations in the cross-origin resource sharing (CORS) mechanism and improperly validates source communications.
CVE-2018-5404: The Quest Kace System Management (K1000) Appliance allows an authenticated, remote attacker with least privileges (โUser Console Onlyโ role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. (CWE-89)
CVE-2018-5405: The Quest Kace System Management (K1000) Appliance allows an authenticated least privileged user with โUser Console Onlyโ rights to potentially inject arbitrary JavaScript code on the tickets page. Script execution could allow a malicious user of the system to steal session cookies of other users including Administrator and take over their session. This can further be exploited to launch other attacks. The software also does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. (CWE-79)
CVE-2018-5406: The Quest Kace System Management (K1000) Appliance allows a remote attacker to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism. An unauthenticated, remote attacker could exploit this vulnerability to perform sensitive actions such as adding a new administrator account or changing the applianceโs settings. A malicious internal user could also gain administrator privileges of this appliance and use it to visit a malicious link that exploits this vulnerability. This could cause the application to perform sensitive actions such as adding a new administrator account or changing the applianceโs settings. (CWE-284)
An authenticated remote attacker could leverage Blind SQL injections to obtain sensitive data. An authenticated user with โuser console onlyโ rights may inject arbitrary JavaScript, which could result in an attacker taking over a session of others, including an Administrator. An unauthenticated, remote attacker could add an administrator-level account or change the applianceโs settings.
Apply an update
Upgrade to KACE SMA Versions 9.1.317 and later.
877837
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: October 04, 2018 Updated: June 03, 2019
Statement Date: October 24, 2018
Affected
Upgrade to version 9.1.317.
Group | Score | Vector |
---|---|---|
Base | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Temporal | 7.3 | E:POC/RL:OF/RC:C |
Environmental | 5.5 | CDP:N/TD:M/CR:ND/IR:ND/AR:ND |
Thanks to Kapil Khot for reporting this vulnerability.
This document was written by Laurie Tyzenhaus.
CVE IDs: | CVE-2018-5404, CVE-2018-5405, CVE-2018-5406 |
---|---|
Date Public: | 2019-06-01 Date First Published: |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
82.5%