mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 01:04:30 +00:00
1.1 KiB
1.1 KiB
CVE-2018-11134
Description
In order to perform actions that requires higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue managed that runs with root privileges and only allows a set of commands. One of the available commands allows changing any user's password (including root). A low-privilege user could abuse this feature by changing the password of the 'kace_support' account, which comes disabled by default but has full sudo privileges.
POC
Reference
- https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities
- https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities