CVE-2019-10973

Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the troubleshooting tools located in the administrator user interface.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
icscertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
questkace_systems_management_appliance
8.0.0 ≤
𝑥
≤ 8.0.320
questkace_systems_management_appliance
8.1.0 ≤
𝑥
≤ 8.1.108
questkace_systems_management_appliance
9.0.0 ≤
𝑥
≤ 9.0.270
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/109001
https://www.us-cert.gov/ics/advisories/icsa-19-183-02
http://www.securityfocus.com/bid/109001
https://www.us-cert.gov/ics/advisories/icsa-19-183-02