PT-2011-3283 · Dell · Dell Kace K2000 System Deployment Appliance

Cody Green · Published 2011-04-10 · Updated 2017-08-17 · CVE-2011-1672

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Dell KACE K2000 Systems Deployment Appliance versions 3.3.36822 and earlier

Description

The issue allows remote attackers to obtain sensitive information by reading certain files. Specifically, attackers can read the unattend.xml or sysprep.inf file, which may contain sensitive data such as passwords.

Recommendations

For Dell KACE K2000 Systems Deployment Appliance versions 3.3.36822 and earlier, consider restricting access to the peinst CIFS share as a temporary workaround until a patch is available. Additionally, limit access to sensitive files such as unattend.xml and sysprep.inf to minimize the risk of exploitation.
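
To support the recommendation above, the following added example (not part of the original advisory and not Dell's code) audits answer files for credential fields so they can be removed or the share holding them restricted. The field names (AdministratorPassword, Password, AdminPassword, DomainAdminPassword, EncryptedAdminPassword) are assumptions taken from the Windows answer-file formats, and the sample files are constructed.

```python
import configparser
import xml.etree.ElementTree as ET

# Assumed credential fields (Windows answer-file names, not listed in the advisory).
XML_SECRET_TAGS = {"Password", "AdministratorPassword"}
INF_SECRET_KEYS = {"adminpassword", "domainadminpassword"}

def local(tag):
    """Strip the XML namespace prefix from an element tag."""
    return tag.rsplit("}", 1)[-1]

def audit_unattend(xml_text):
    """List (element, storage) for each non-empty credential; values are never returned."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) not in XML_SECRET_TAGS:
            continue
        kids = {local(c.tag): (c.text or "").strip() for c in elem}
        if kids.get("Value"):
            # A missing <PlainText> is treated as plaintext (conservative assumption).
            plain = kids.get("PlainText", "true").lower() != "false"
            findings.append((local(elem.tag), "plaintext" if plain else "encoded"))
    return findings

def audit_sysprep(inf_text):
    """List (section/key, storage) for each non-empty credential key in a sysprep.inf."""
    cp = configparser.ConfigParser(strict=False, interpolation=None, allow_no_value=True)
    cp.read_string(inf_text)
    findings = []
    for section in cp.sections():
        flag = (cp.get(section, "encryptedadminpassword", fallback="") or "").lower()
        for key, value in cp.items(section):
            value = (value or "").strip().strip('"')
            if key in INF_SECRET_KEYS and value not in ("", "*"):
                enc = key == "adminpassword" and flag == "yes"
                findings.append((f"{section}/{key}", "encrypted" if enc else "plaintext"))
    return findings

# Constructed sample answer files; every value is a placeholder.
SAMPLE_XML = """<unattend xmlns="urn:schemas-microsoft-com:unattend">
 <settings pass="oobeSystem"><component name="Microsoft-Windows-Shell-Setup">
  <UserAccounts><AdministratorPassword><Value>PLACEHOLDER</Value><PlainText>true</PlainText></AdministratorPassword></UserAccounts>
  <AutoLogon><Password><Value>PLACEHOLDER</Value><PlainText>false</PlainText></Password></AutoLogon>
 </component></settings></unattend>"""
SAMPLE_INF = """[GuiUnattended]
AdminPassword=PLACEHOLDER
EncryptedAdminPassword=No
[Identification]
DomainAdminPassword=PLACEHOLDER"""
```

A finding marked "encoded" still counts as an exposed credential, because `PlainText=false` in unattend.xml is an encoding rather than encryption.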

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2011-1672

Affected Products

Dell Kace K2000 System Deployment Appliance