Description
An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An unquoted Windows search path vulnerability exists in the KSchedulerSvc.exe and AMPTools.exe components. This allows local attackers to execute code of their choice with NT Authority\SYSTEM privileges.
Published: 2024-04-30
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

No history.

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-01T23:13:07.423Z

Reserved: 2024-01-22T00:00:00.000Z

Link: CVE-2024-23774

cve-icon Vulnrichment

Updated: 2024-08-01T23:13:07.423Z

cve-icon NVD

Status : Deferred

Published: 2024-04-30T14:15:15.103

Modified: 2026-06-17T07:13:34.793

Link: CVE-2024-23774

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')