CVE-2020-8868

Summary

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the service user account. The product contains a hard-coded password for this account. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-9553.

Affected Software

VendorProductVersion RangeStatus
QuestFoglight Evolve9.0.0affected

Weaknesses

  • CWE-798: CWE-798: Use of Hard-coded Credentials

ADP Enrichment

CVE Program Container

Additional References

References