Information Disclosure Vulnerability in Dell KACE K2000 Systems Deployment Appliance
CVE-2011-1672

Currently unrated

Key Information:

Vendor: Dell
Status: Kace K2000 Systems Deployment Appliance
Vendor: CVE Published:; 10 April 2011

Summary

The Dell KACE K2000 Systems Deployment Appliance prior to version 3.3.36822 is vulnerable to information disclosure due to improperly secured CIFS shares. This vulnerability allows remote attackers to read sensitive configuration files, specifically 'unattend.xml' and 'sysprep.inf', potentially exposing critical information such as passwords used for system deployments, thereby compromising the security and integrity of the systems managed by KACE.

References

http://www.securityfocus.com/bid/47172

vdb-entryx_refsource_BID

http://www.kb.cert.org/vuls/id/598700

third-party-advisoryx_refsource_CERT-VN

http://www.vupen.com/english/advisories/2011/0883

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Apr 10, 2011
Vulnerability Reserved
Apr 9, 2011