Dell KACE K2000 < 3.3.52857 Multiple Vulnerabilities

high Nessus Plugin ID 72416

Language:

Synopsis

The system deployment appliance detected on the remote host is affected by multiple vulnerabilities.

Description

The remote Dell KACE K2000 appliance is affected by multiple vulnerabilities :

- The appliance stores the recovery account password in plaintext within a PHP script. (CVE-2011-4046)

- The appliance can allow arbitrary command execution by leveraging database write access. (CVE-2011-4047)

- An information disclosure vulnerability exists as the appliance contains a default username and password for a read-only reporting account. (CVE-2011-4048)

- The appliance's web interface is affected by multiple cross-site scripting (XSS) vulnerabilities.
(CVE-2011-4436)

Solution

Upgrade to version 3.3 SP1 (3.3.52857) or later.

Plugin Details

Severity: High

ID: 72416

File Name: dell_kace_k2000_3_3_52857.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 2/10/2014

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/h:dell:kace_k2000_systems_deployment_appliance

Required KB Items: www/dell_kace_k2000

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/20/2012

Vulnerability Publication Date: 11/3/2011

Reference Information

CVE: CVE-2011-4046, CVE-2011-4047, CVE-2011-4048, CVE-2011-4436

BID: 50605

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990

CERT: 135606, 193529, 589089, 702169

TRA: TRA-2011-08, TRA-2011-09, TRA-2011-10, TRA-2011-11

Detections

Analytics