Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Add Quest KACE Systems Management Command Injection #10199
Add Quest KACE Systems Management Command Injection exploit module.
List the steps needed to make sure this thing works
These issues were reported to the vendor about 4 months ago.
A hotfix for these issues was made public a little over two months ago and subsequently rolled into appliance updates.
Vulnerability details, including proof-of-concept, have been public for over 3 weeks.
The advisory does not make clear the simplicity with which these issues can be exploited. In particular, the unauthenticated remote command injection vulnerability is easily exploitable, as demonstrated by this module.
This exploit is not fully automated. Knowledge of a valid organization ID and agent version are required. The