CVE-2018-11138: Quest KACE System Management Appliance Remote Command
Quest KACE System Management Appliance Remote Command Execution Vulnerability. The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance is accessible by anonymous users and can be abused to perform remote code execution.
- CISA KEV-listed (remediation due 2022-04-15)
- used in ransomware campaigns
- EPSS 93.4% (99.8% percentile)