CVE-2019-10973
Published: 2019-07-08
Priority: P3 · 42 · high
CVSS 3.0: 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS: 2.42% (82.1th percentile)
Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the troubleshooting tools located in the administrator user interface.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| quest | kace_systems_management_appliance | 8.0.0 – 8.0.320 | — |
| quest | kace_systems_management_appliance | 8.1.0 – 8.1.108 | — |
| quest | kace_systems_management_appliance | 9.0.0 – 9.0.270 | — |
CVSS provenance
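| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.2 | HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |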
GHSA
GHSA-qq7m-c52g-r8p8: Quest KACE, all versions prior to version 8
ghsa_unreviewed·2022-05-24
CVE-2019-10973 [HIGH] CWE-20 GHSA-qq7m-c52g-r8p8: Quest KACE, all versions prior to version 8
CISA ICS
Quest KACE Systems Management Appliance
cisa_ics·2019-07-02·CVSS 7.2
[HIGH] Quest KACE Systems Management Appliance
ICS Advisory
## Quest KACE Systems Management Appliance
Last Revised: July 02, 2019
Alert Code: ICSA-19-183-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 2.7
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Quest
- Equipment: KACE Systems Management Appliance (SMA)
- Vulnerability: Improper Input Validation
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an administrative user unintentional access to the underlying operating system of the device.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of KACE Systems Management A
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2019-07-08