CVE-2018-11141 - OpenCVE

The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal. Files can be at any location where the 'www' user has write permissions.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Quest	Kace System Management Appliance

Configuration 1 [-]

cpe:2.3:a:quest:kace_system_management_appliance:8.0.318:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-05-31T18:00:00

Updated: 2024-08-05T08:01:51.141Z

Reserved: 2018-05-15T00:00:00

Link: CVE-2018-11141

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-05-31T18:29:00.683

Modified: 2018-06-29T18:52:01.480

Link: CVE-2018-11141

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-05-31T00:00:00", "descriptions": [{"lang": "en", "value": "The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal. Files can be at any location where the 'www' user has write permissions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-31T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-11141", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal. Files can be at any location where the 'www' user has write permissions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities", "refsource": "MISC", "url": "https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T08:01:51.141Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-11141", "datePublished": "2018-05-31T18:00:00", "dateReserved": "2018-05-15T00:00:00", "dateUpdated": "2024-08-05T08:01:51.141Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:quest:kace_system_management_appliance:8.0.318:*:*:*:*:*:*:*", "matchCriteriaId": "D9C0A86B-DFA8-4305-93A3-03E7BD52094E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal. Files can be at any location where the 'www' user has write permissions."}, {"lang": "es", "value": "Los par\u00e1metros \"IMAGES_JSON\" y \"attachments_to_remove[]\" del script \"/adminui/advisory.php\" en Quest KACE System Management Virtual Appliance 8.0.318 se pueden explotar para escribir y borrar archivos mediante un salto de directorio. Los archivos pueden estar en cualquier ubicaci\u00f3n en el que el usuario \"www\" tiene permisos de escritura."}], "id": "CVE-2018-11141", "lastModified": "2018-06-29T18:52:01.480", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-31T18:29:00.683", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}