PT-2011-3283 · Dell · Dell Kace K2000 System Deployment Appliance

Cody Green · Published 2011-04-10 · Updated 2017-08-17 · CVE-2011-1672

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Dell KACE K2000 Systems Deployment Appliance versions 3.3.36822 and earlier

Description

The issue allows remote attackers to obtain sensitive information by reading certain files. Specifically, attackers can read the unattend.xml or sysprep.inf file, which may contain sensitive data such as passwords.

Recommendations

For Dell KACE K2000 Systems Deployment Appliance versions 3.3.36822 and earlier, consider restricting access to the peinst CIFS share as a temporary workaround until a patch is available. Additionally, limit access to sensitive files such as unattend.xml and sysprep.inf to minimize the risk of exploitation.
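
The following is an added example, not part of the original advisory and not Dell's code: a Python audit that reports which password fields in an unattend.xml or sysprep.inf file actually hold a value, so credentials can be removed from files staged for deployment. The sample files, the function names and the field names checked (those of the standard Windows answer-file formats) are assumptions of this example.

```python
import configparser
import xml.etree.ElementTree as ET

# Constructed sample answer files; every value is a placeholder.
SAMPLE_UNATTEND = """<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="oobeSystem"><component name="Microsoft-Windows-Shell-Setup">
    <UserAccounts><AdministratorPassword>
      <Value>EXAMPLE-ONLY</Value><PlainText>true</PlainText>
    </AdministratorPassword></UserAccounts></component></settings>
</unattend>"""
SAMPLE_SYSPREP = """[GuiUnattended]
AdminPassword=EXAMPLE-ONLY
EncryptedAdminPassword=No
[Identification]
DomainAdminPassword=EXAMPLE-ONLY
"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix

def audit_unattend(xml_text):
    """Return (element, kind) for each password element holding a value."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        kids = {_local(c.tag): (c.text or "").strip() for c in el}
        if "password" not in _local(el.tag).lower() or not kids.get("Value"):
            continue
        # PlainText=false only encodes the value, so it is still reported.
        plain = kids.get("PlainText", "true").lower() == "true"
        findings.append((_local(el.tag), "plaintext" if plain else "obscured"))
    return findings

def audit_sysprep(ini_text):
    """Return (section/key, kind) for each *Password key holding a value."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, allow_no_value=True)
    cp.read_string(ini_text)  # note: configparser lower-cases key names
    findings = []
    for section in cp.sections():
        flag = (cp.get(section, "encryptedadminpassword", fallback="") or "").lower()
        for key, val in cp.items(section):
            if not key.endswith("password") or key == "encryptedadminpassword":
                continue
            if (val or "").strip().strip('"') in ("", "*"):  # "*" = blank password
                continue
            hashed = key == "adminpassword" and flag.strip() == "yes"
            findings.append((f"{section}/{key}", "obscured" if hashed else "plaintext"))
    return findings

if __name__ == "__main__":
    print(audit_unattend(SAMPLE_UNATTEND), audit_sysprep(SAMPLE_SYSPREP))
```

Any finding, whether plaintext or obscured, marks a credential that should be removed from the file or rotated after deployment.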

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2011-1672

Affected Products

Dell Kace K2000 System Deployment Appliance