The exposure of the KACE Systems Management Appliance’s installer interface through the /common/setup.php endpoint allowed unauthorized access to the system setup wizard. This interface was publicly accessible when it should have been restricted, potentially granting attackers the ability to initiate or manipulate the setup process, leading to system compromise or unauthorized configuration changes.
PoC code [public]
id: kace-sma-installer
info:
  name: KACE Systems Management Appliance - Installer
  author: ritikchaddha
  severity: high
  description: |
    The exposure of the KACE Systems Management Appliance’s installer interface through the /common/setup.php endpoint allowed unauthorized access to the system setup wizard. This interface was publicly accessible when it should have been restricted, potentially granting attackers the ability to initiate or manipulate the setup process, leading to system compromise or unauthorized configuration changes.
  metadata:
    verified: true
    max-request: 1
    vendor: quest
    product: kace_systems_management_appliance
    fofa-query: icon_hash="-463230636" && body="setup"
  tags: kace,sma,installer,exposure,quest,vuln
http:
  - method: GET
    path:
      - "{{BaseURL}}/common/setup.php"
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Initial Setup"
          - "setup_wizard"
          - "KACE"
        condition: and
        case-insensitive: true
      - type: status
        status:
          - 200
# digest: 4b0a00483046022100c811bc9f54dc457d2f2b933fdb4e1a64d6f180c13209e7ed7b1f85b72729fb79022100fc125b0cc19fe3fb9ac1892f7d2b48689058fb47d23192810064dd3d31360a1e:922c64590222798bb761d5b6d8e72950
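
For defenders, the same condition can be checked in access logs. The following is an added example, not part of the template or of any Quest tooling: it flags requests to /common/setup.php that were answered with 200 from outside the management network. The combined log format, the TRUSTED_NETS range and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: a reverse proxy or web server in front of the appliance writes
# Apache/nginx "combined" logs; the appliance's own log format is not on the page.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
SETUP_PATH = "/common/setup.php"  # endpoint named in the template
# Hypothetical management range; replace with your own admin networks.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]


def normalize_path(target):
    """Drop query string/fragment and collapse duplicate slashes."""
    path = re.split(r"[?#]", target, maxsplit=1)[0]
    return re.sub(r"/{2,}", "/", path)


def is_trusted(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostnames or malformed fields count as untrusted
    return any(addr in net for net in TRUSTED_NETS)


def find_setup_exposure(lines):
    """Return (source, timestamp, status) for setup-wizard pages that were
    actually served (HTTP 200) to clients outside TRUSTED_NETS."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalize_path(m["target"]) != SETUP_PATH:
            continue
        if m["status"] == "200" and not is_trusted(m["src"]):
            hits.append((m["src"], m["ts"], int(m["status"])))
    return hits


# Constructed sample log lines (not from a real appliance).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2025:10:01:02 +0000] "GET /common/setup.php HTTP/1.1" 200 5120 "-" "-"',
    '10.20.0.15 - - [12/Mar/2025:10:02:00 +0000] "GET /common/setup.php HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.9 - - [12/Mar/2025:10:03:10 +0000] "GET //common/setup.php?x=1 HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.9 - - [12/Mar/2025:10:03:11 +0000] "GET /common/setup.php HTTP/1.1" 403 210 "-" "-"',
    '203.0.113.7 - - [12/Mar/2025:10:04:00 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_setup_exposure(SAMPLE_LOG):
        print(hit)
```

A 403 or a request from the management range is not reported; only wizard pages served to untrusted sources are.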