Dell KACE K1000 < 5.5.90547 / 5.4.76849 Arbitrary File Upload and Command Execution

critical Nessus Plugin ID 73213

Synopsis

The web interface for a system management appliance is affected by an arbitrary file upload vulnerability.

Description

The web interface for the version of the Dell KACE K1000 appliance on the remote host is affected by an arbitrary file upload vulnerability.

With a specially crafted HTTP request, an attacker could upload a malicious script to the web server directory and use it to execute arbitrary commands with admin privileges.

Solution

Upgrade K1000 to 5.5.90547 / 5.4.76849 or later.

See Also

http://www.nessus.org/u?7b00cd52

Plugin Details

Severity: Critical

ID: 73213

File Name: dell_kace_k1000_5_5_90547_file_upload.nasl

Version: 1.4

Type: remote

Family: CGI abuses

Published: 3/26/2014

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/h:dell:kace_k1000_systems_management_appliance

Required KB Items: Settings/ParanoidReport, www/dell_kace_k1000

Patch Publication Date: 3/11/2014

Vulnerability Publication Date: 3/7/2014