CVE-2018-11138CISA KEVEPSS p99.8%

CVE-2018-11138Quest KACE System Management Appliance Remote Command Execution Vulnerability

Quest / KACE System Management Appliance

Description

The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance is accessible by anonymous users and can be abused to perform remote code execution.

Scoring

EPSS91.93% probability of exploitation · percentile 99.8% · 2026-06-18T12:00:27Z

CISA KEV entry

Added to KEV: 2022-03-25

(incoming)1

TypeTargetConfidenceTier
KEVEntryQuest KACE System Management Appliance Remote Command Execution Vulnerabilitykev-cve-2018-111380%live

Related by meaning· 4

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Kaseya VSA Remote Code Execution Vulnerability
CVE
CVE-2025-26850
CVE
Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability
CVE
CVE-2025-41734
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.