Add Quest KACE Systems Management Command Injection #10199
These issues were reported to the vendor about 4 months ago. A hotfix for these issues was made public a little over two months ago and subsequently rolled into appliance updates. Vulnerability details, including proof-of-concept, have been public for over 3 weeks. The advisory does not make clear the simplicity with which these issues can be exploited. In particular, the unauthenticated remote command injection vulnerability is easily exploitable, as demonstrated by this module. This exploit is not fully automated. Knowledge of a valid organization ID and agent version is required. The
Understood. Thank you. So I downloaded k1000-ovf_80.zip this morning from the official website, looks like they posted it on Dec 15 2017. Do we have to worry about auto-update when we spin up this appliance? Thanks.
@wchen-r7: You could set networking to host-only unless the update is mandatory.
Gotcha. Thanks!
I had no issues with auto-updates. I also didn't test the hotfix.
Release Notes
Add an exploit module that exploits a command injection vulnerability in Quest KACE Systems Management Appliance version 8.0.318.
@space-r7: If you did any repro, please post logs and/or notes here. Thanks!
Add Quest KACE Systems Management Command Injection exploit module.
Verification
List the steps needed to make sure this thing works
msfconsole
use exploit/unix/http/quest_kace_systems_management_rce
set ORGANIZATION 1
set AGENT_VERSION 8.0.152
run
Scenarios