In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue that runs daemonized with root privileges and only allows a set of commands to be executed. A command injection vulnerability exists within this message queue which allows low-privilege users to append arbitrary commands that will be run as root.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
quest kace system management appliance 8.0.318 |