CVE-2022-29807 in KACE Systems Management Appliance

Summary

by MITRE • 08/03/2022

A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php.


Analysis

by VulDB Data Team • 08/29/2022

The Quest KACE Systems Management Appliance version 12.0 contains a critical SQL injection vulnerability that resides in the download_agent_installer.php component. This flaw represents a significant security weakness that can be exploited remotely to achieve unauthorized code execution on the target system. The vulnerability stems from insufficient input validation and sanitization within the application's parameter handling mechanisms, specifically affecting the way user-supplied data is processed in database queries.

This SQL injection vulnerability operates through the manipulation of input parameters that are directly incorporated into SQL query construction without proper escaping or parameterization. Attackers can craft malicious payloads that exploit this weakness to inject arbitrary SQL commands into the database layer, potentially allowing them to extract sensitive information, modify database contents, or execute arbitrary code on the underlying system. The impact extends beyond simple data compromise as the vulnerability enables full remote code execution capabilities.

The operational consequences of this vulnerability are severe and multifaceted. An attacker who successfully exploits this flaw can gain complete control over the KACE SMA appliance, potentially leading to unauthorized access to managed endpoints, data exfiltration, and further lateral movement within the network infrastructure. The vulnerability affects the core management functionality of the appliance, which typically serves as a central point for system administration and endpoint management, making it an attractive target for attackers seeking persistent access to enterprise environments.

From a cybersecurity framework perspective, this vulnerability aligns with CWE-89 SQL Injection and maps to several ATT&CK techniques including T1190 Exploit Public-Facing Application and T1059 Command and Scripting Interpreter. The weakness demonstrates poor input validation practices and inadequate database query sanitization that violates fundamental security principles. Organizations utilizing Quest KACE SMA appliances are particularly vulnerable as this affects the primary download functionality that agents use to install and communicate with the management server.

Mitigation strategies should prioritize immediate patching of the affected appliance to the latest available version that contains the necessary security fixes. Network segmentation and access controls should be implemented to limit exposure of the appliance to untrusted networks. Additionally, monitoring for suspicious database queries and anomalous network traffic patterns can help detect exploitation attempts. Security teams should also implement proper input validation at multiple layers including application-level sanitization and database query parameterization to prevent similar vulnerabilities from occurring in other components of the system.
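The monitoring step above can start from the appliance's or a fronting proxy's web access log. The following is an added example, not part of this entry or of Quest's code: it flags requests to download_agent_installer.php whose query-string values contain generic SQL metacharacters after URL decoding. The log format, the path prefix, the parameter name "token" and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

ENDPOINT = "download_agent_installer.php"  # component named in the advisory
# Request field of a common/combined-format access log line (assumed format).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# Generic SQL metacharacters and keywords; a triage heuristic, not a signature
# for this CVE (the advisory does not publish the affected parameter).
SQLI_RE = re.compile(
    r"""['"`;]|--|/\*|\b(?:union|select|sleep|benchmark|load_file)\b""",
    re.IGNORECASE,
)

def fully_decode(value, rounds=3):
    """Undo nested URL encoding (%2527 -> %27 -> ') before matching."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_lines):
    """Return (ip, status, parameter, decoded value) for flagged requests."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/" + ENDPOINT):
            continue
        # parse_qsl decodes once; fully_decode removes any further layers.
        for name, raw in parse_qsl(url.query, keep_blank_values=True):
            value = fully_decode(raw)
            if SQLI_RE.search(value):
                hits.append((m.group("ip"), int(m.group("status")), name, value))
    return hits

# Constructed log lines; the path prefix and "token" parameter are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Aug/2022:10:00:01 +0000] "GET /download_agent_installer.php?token=abc123 HTTP/1.1" 200 512',
    '198.51.100.7 - - [03/Aug/2022:10:00:05 +0000] "GET /download_agent_installer.php?token=x%27%20UNION%20SELECT%201--%20- HTTP/1.1" 500 0',
    '198.51.100.7 - - [03/Aug/2022:10:00:09 +0000] "GET /download_agent_installer.php?token=x%2527%2520OR%25201%253D1 HTTP/1.1" 200 512',
    '203.0.113.4 - - [03/Aug/2022:10:00:12 +0000] "GET /index.php?q=select+a+plan HTTP/1.1" 200 100',
]

if __name__ == "__main__": print(*suspicious_requests(SAMPLE_LOG), sep="\n")
```

Access logs record only the query string, so parameters sent in a POST body need database query logging or a reverse-proxy capture instead.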

Reservation

04/26/2022

Disclosure

08/03/2022

Moderation

accepted

CPE

ready

EPSS

0.01069

KEV

no

Activities

very low
