ID

VAR-202003-0967


CVE

CVE-2019-20504


TITLE

Injection vulnerabilities in Quest KACE K1000 Systems Management appliances

Trust: 0.8

sources: JVNDB: JVNDB-2019-014852

DESCRIPTION

service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 (6.4.120822) allows a remote attacker to execute code via shell metacharacters in the kuid parameter. An injection vulnerability exists in the Quest KACE K1000 Systems Management Appliance. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Quest Software KACE K1000 Systems Management Appliance (KACE SMA) is a system management device from Quest Software, USA. The service/krashrpt.php file in Quest Software KACE SMA 6.4 SP3 (6.4.120822) and earlier versions has a security vulnerability.

Trust: 2.25

sources: NVD: CVE-2019-20504 // JVNDB: JVNDB-2019-014852 // CNVD: CNVD-2020-16728 // VULMON: CVE-2019-20504

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-16728

AFFECTED PRODUCTS

vendor: quest, model: kace systems management, scope: lt, version: 6.4.120822

Trust: 1.0

vendor: quest, model: kace systems management appliance, scope: eq, version: 6.4 sp3 (6.4.120822)

Trust: 0.8

vendor: quest, model: software quest software kace systems management appliance sp3, scope: lt, version: 6.4(6.4.120822)

Trust: 0.6

sources: CNVD: CNVD-2020-16728 // JVNDB: JVNDB-2019-014852 // NVD: CVE-2019-20504

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-20504
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2019-014852
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-16728
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202003-387
value: CRITICAL

Trust: 0.6

VULMON: CVE-2019-20504
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-20504
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2019-014852
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-16728
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-20504
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-014852
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-16728 // VULMON: CVE-2019-20504 // JVNDB: JVNDB-2019-014852 // CNNVD: CNNVD-202003-387 // NVD: CVE-2019-20504

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:CWE-74

Trust: 0.8

sources: JVNDB: JVNDB-2019-014852 // NVD: CVE-2019-20504

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-387

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202003-387

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014852

PATCH

title: KACE Systems Management Appliance, url: https://www.quest.com/products/kace-systems-management-appliance/

Trust: 0.8

title: Patch for Quest Software KACE K1000 Systems Management Appliance code execution vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/208349

Trust: 0.6

title: Quest Software KACE K1000 Systems Management Appliance Repair measures for injecting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111677

Trust: 0.6

title: -, url: https://github.com/canonical/ubuntu-com-security-api

Trust: 0.1

sources: CNVD: CNVD-2020-16728 // VULMON: CVE-2019-20504 // JVNDB: JVNDB-2019-014852 // CNNVD: CNNVD-202003-387

EXTERNAL IDS

db: NVD, id: CVE-2019-20504

Trust: 3.1

db: JVNDB, id: JVNDB-2019-014852

Trust: 0.8

db: CNVD, id: CNVD-2020-16728

Trust: 0.6

db: CNNVD, id: CNNVD-202003-387

Trust: 0.6

db: VULMON, id: CVE-2019-20504

Trust: 0.1

sources: CNVD: CNVD-2020-16728 // VULMON: CVE-2019-20504 // JVNDB: JVNDB-2019-014852 // CNNVD: CNNVD-202003-387 // NVD: CVE-2019-20504

REFERENCES

url:https://www.rcesecurity.com/2019/04/dell-kace-k1000-remote-code-execution-the-story-of-bug-k1-18652/

Trust: 3.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20504

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-20504

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://github.com/canonical/ubuntu-com-security-api

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2020-16728 // VULMON: CVE-2019-20504 // JVNDB: JVNDB-2019-014852 // CNNVD: CNNVD-202003-387 // NVD: CVE-2019-20504

SOURCES

db: CNVD, id: CNVD-2020-16728
db: VULMON, id: CVE-2019-20504
db: JVNDB, id: JVNDB-2019-014852
db: CNNVD, id: CNNVD-202003-387
db: NVD, id: CVE-2019-20504

LAST UPDATE DATE

2024-11-23T22:55:16.140000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-16728, date: 2020-03-11T00:00:00
db: VULMON, id: CVE-2019-20504, date: 2020-08-24T00:00:00
db: JVNDB, id: JVNDB-2019-014852, date: 2020-03-23T00:00:00
db: CNNVD, id: CNNVD-202003-387, date: 2020-08-25T00:00:00
db: NVD, id: CVE-2019-20504, date: 2024-11-21T04:38:38.230

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-16728, date: 2020-03-11T00:00:00
db: VULMON, id: CVE-2019-20504, date: 2020-03-09T00:00:00
db: JVNDB, id: JVNDB-2019-014852, date: 2020-03-23T00:00:00
db: CNNVD, id: CNNVD-202003-387, date: 2020-03-09T00:00:00
db: NVD, id: CVE-2019-20504, date: 2020-03-09T01:15:11.233