CVE-2018-11138
Quest KACE System Management Appliance Remote Command Execution Vulnerability
CVSS
—
No CVSS
EPSS
91.9%
p100
KEV
YES
Mar 25, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
91.9%EPSS · 30 days91.9%
2026-06-302026-07-16
Product
Quest / KACE System Management Appliance
Vulnerability
Quest KACE System Management Appliance Remote Command Execution Vulnerability
Added to KEV
Mar 25, 2022
Remediate by
Apr 15, 2022
Known ransomware use
Yes
Summary description
The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance is accessible by anonymous users and can be abused to perform remote code execution.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2018-11138
No related CVEs by CWE or product.