PatchSiren cyber security CVE debrief
CVE-2018-11138 Quest CVE debrief
CVE-2018-11138 is a Quest KACE System Management Appliance remote command execution issue that CISA has listed in its Known Exploited Vulnerabilities catalog. The KEV record flags known exploitation and indicates known ransomware campaign use, so this should be treated as an urgent remediation item rather than a routine patch. CISA’s guidance for this entry is to apply updates per the vendor’s instructions.
- Vendor
- Quest
- Product
- KACE System Management Appliance
- CVSS
- Unknown
- CISA KEV
- Listed
- Original CVE published
- 2022-03-25
- Original CVE updated
- 2022-03-25
- Advisory published
- 2022-03-25
- Advisory updated
- 2022-03-25
Who should care
Organizations running Quest KACE System Management Appliance, especially internet-facing or broadly accessible appliances, should prioritize this advisory. Security, infrastructure, and incident response teams should also care because CISA marked the vulnerability as known exploited and associated with ransomware campaign activity.
Technical summary
The issue is described in the available source material as a remote command execution vulnerability in Quest KACE System Management Appliance. The CISA KEV entry identifies the product as Quest KACE System Management Appliance, records the vulnerability as known exploited, and notes known ransomware campaign use. The source corpus does not provide additional technical details such as affected versions, attack prerequisites, or CVSS scoring.
Defensive priority
High. Because this vulnerability is in the CISA Known Exploited Vulnerabilities catalog and has known ransomware campaign use, remediation should be prioritized immediately according to vendor guidance. The KEV due date in the supplied timeline is 2022-04-15.
Recommended defensive actions
- Apply Quest updates or mitigations per vendor instructions as soon as possible.
- Confirm whether any Quest KACE System Management Appliance instances are deployed in your environment.
- Review exposure of the appliance, especially any external access paths, and reduce unnecessary access.
- Check for suspicious activity on affected appliances and related administrative accounts.
- Use the CISA KEV catalog entry and the vendor advisory/NVD record to validate remediation status.
Evidence notes
All statements are based on the supplied CISA KEV source item and the official resource links provided in the corpus. The KEV metadata explicitly lists vendorProject Quest, product KACE System Management Appliance, vulnerabilityName Remote Command Execution Vulnerability, dateAdded 2022-03-25, dueDate 2022-04-15, and knownRansomwareCampaignUse Known. No additional technical details were inferred beyond the source corpus and official link annotations.
Official resources
-
CVE-2018-11138 CVE record
CVE.org
-
CVE-2018-11138 NVD detail
NVD
-
CISA Known Exploited Vulnerabilities catalog
CISA - Apply updates per vendor instructions.
-
Source item URL
cisa_kev
CISA KEV entry dated 2022-03-25; supplied timeline also shows KEV due date 2022-04-15. This debrief uses the CVE publication date provided in the input and does not treat generation time as the vulnerability date.