Return
-
Title
Quest response to MS-ISAC 2020-023 (PHP Vulnerability) -
Description
There has been an MS-ISAC Cybersecurity Advisory concerning arbitrary code execution affecting multiple versions of PHP.
More information can be found here: https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-php-could-allow-for-arbitrary-code-execution_2020-023/
-
Resolution
The KACE Systems Management Appliance (SMA) version 10.x and KACE Systems Deployment Appliance (SDA) version 7.x leverage an affected version of PHP (7.2.17).
However, the SMA and SDA are not affected by these vulnerabilities as they are closed appliances and will not allow arbitrary PHP code to be executed.
PHP will be updated in upcoming releases of the SMA and SDA to remediate this vulnerability.