Arbitrary Code Execution via ACT_NEWFILESENT Action in Quest Privilege Manager

CVE-2017-6554 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

pmmasterd in Quest Privilege Manager before 6.0.0.061, when configured as a policy server, allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACT_NEWFILESENT action.

Learn more about our Cis Benchmark Audit For Server Software.