CVE-2018-5406

CVE-2018-5406: The Quest Kace K1000 Appliance misconfigures the Cross-Origin Resource Sharing (CORS) mechanism.

Vendor Quest Kace
Product K1000 Appliance
Weakness CWE-284
Published June 3, 2019
Last update August 5, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a remote attacker to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism. An unauthenticated, remote attacker could exploit this vulnerability to perform sensitive actions such as adding a new administrator account or changing the appliance’s settings. A malicious internal user could also gain administrator privileges of this appliance and use it to visit a malicious link that exploits this vulnerability. This could cause the application to perform sensitive actions such as adding a new administrator account or changing the appliance’s settings. An unauthenticated, remote attacker could add an administrator-level account or change the appliance's settings.

Key dates

02Disclosure timeline

June 3, 2019 CVE published
August 5, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2019-15589 CVE-2021-40130 Cisco Common Services Platform Collector Improper Logging Restriction Vulnerability CVE-2021-28504 On Arista Strata family products which have “TCAM profile” feature enabled when Port IPv4 access-list has a rule which matches on “vxlan” as protocol then that rule and subsequent rules ( rules declared after it in ACL ) do not match on IP protocol fi ... CVE-2023-21673 Improper Access Control in Kernel CVE-2025-5390 JeeWMS File filedeal.do filedeal access control