At Akamai, the Enterprise Security Red Team (ESRT) continuously strives to evaluate the security of both our external and internal services. We examine the services we build and purchase for security vulnerabilities that could negatively impact our business and our customers. During a scheduled sortie, the ESRT investigated how to pivot access from a local package management system used to support our endpoints. While that system didn't yield a direct finding, we did find a transitive relationship with a Quest KACE 1200 system, also used to manage corporate devices. So, we decided to take a closer look at our KACE Management Appliance.

When reviewing this appliance, we tested to see if there were any vulnerabilities that could be used to escalate an average user's permission to impact other users. We were able to identify one vulnerable endpoint that we could leverage for a [SQL injection attack](https://owasp.org/www-community/attacks/SQL_Injection).…