Lucene search

[email protected]CVE-2019-10973

HistoryJul 08, 2019 - 6:15 p.m.

CVE-2019-10973

2019-07-0818:15:10

CWE-20

[email protected]

web.nvd.nist.gov

cve-2019-10973

quest kace

unintentional access

security vulnerability

nvd

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.0%

JSON

Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the troubleshooting tools located in the administrator user interface.

Affected configurations

NVD

Node

questkace_systems_management_applianceRange8.0.0–8.0.320

questkace_systems_management_applianceRange8.1.0–8.1.108

questkace_systems_management_applianceRange9.0.0–9.0.270

CPENameOperatorVersion
quest:kace_systems_management_appliancequest kace systems management appliancele8.0.320
quest:kace_systems_management_appliancequest kace systems management appliancele8.1.108
quest:kace_systems_management_appliancequest kace systems management appliancele9.0.270

CPE	Name	Operator	Version
quest:kace_systems_management_appliance	quest kace systems management appliance	le	8.0.320
quest:kace_systems_management_appliance	quest kace systems management appliance	le	8.1.108
quest:kace_systems_management_appliance	quest kace systems management appliance	le	9.0.270

CNA Affected

[
  {
    "product": "Quest KACE",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to version 8.0.x, 8.1.x, and 9.0.x"
      }
    ]
  }
]

References

www.securityfocus.com/bid/109001

www.us-cert.gov/ics/advisories/icsa-19-183-02

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.0%

JSON

Related for CVE-2019-10973

nvd1 cvelist1 ics1 prion1