CVE-2017-12567

high-risk

Published 2017-08-07

SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through 7.2.101, and K1000 as a Service 7.0 through 7.2.

Do I need to act?

-

0.33% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

9

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (18)

Kace Asset Management Appliance

Kace Asset Management Appliance

Kace Asset Management Appliance

Kace Asset Management Appliance

Kace Systems Management Appliance

Kace Systems Management Appliance

Kace Systems Management Appliance

Kace Systems Management Appliance

Kace Systems Management Appliance

K1000 As A Service

K1000 As A Service

Kace Asset Management Appliance

Kace Asset Management Appliance

Kace Systems Management Appliance

Kace Systems Management Appliance

K1000 As A Service

K1000 As A Service

K1000 As A Service

Affected Vendors

Quest

References (2)

Vendor Advisory https://support.quest.com/kace-systems-management-appliance/kb/231874

Vendor Advisory https://support.quest.com/kace-systems-management-appliance/kb/231874

52

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 1/34 · Minimal

Exposure 19/34 · Moderate