ID

VAR-201104-0209


CVE

CVE-2011-1672


TITLE

Dell Kace K2000 Appliance unauthenticated access and information disclosure vulnerability

Trust: 0.8

sources: CERT/CC: VU#598700

DESCRIPTION

The Dell KACE K2000 Systems Deployment Appliance 3.3.36822 and earlier contains a peinst CIFS share, which allows remote attackers to obtain sensitive information by reading the (1) unattend.xml or (2) sysprep.inf file, as demonstrated by reading a password.

The Dell KACE K2000 Systems Deployment Appliance uses a file share for Windows installation. This file share has the hidden attribute and contains files used at Windows startup. Access to the file share is not restricted, and it can be accessed without authentication.

In addition, Dell has released the following information about the vulnerability: This hidden, read-only fileshare is populated with pre- and post-installation tasks as well as deployment bootfiles and media used for Windows network operating system installs (called "Scripted Installs") and imaging (called "K-images"). This fileshare is hidden.

Dell KACE K2000 is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to obtain potentially sensitive information that may lead to further attacks.

Trust: 3.42

sources: NVD: CVE-2011-1672 // CERT/CC: VU#598700 // JVNDB: JVNDB-2011-004478 // JVNDB: JVNDB-2011-001454 // BID: 47172 // VULHUB: VHN-49617

AFFECTED PRODUCTS

vendor: dell, model: kace k2000 systems deployment appliance, scope: lte, version: 3.3.36822

Trust: 1.8

vendor: dell computer, model: -, scope: -, version: -

Trust: 0.8

vendor: dell, model: kace k2000 systems deployment appliance, scope: lte, version: version 3.3.36822

Trust: 0.8

vendor: dell, model: kace k2000 systems deployment appliance, scope: eq, version: 3.3.36822

Trust: 0.6

vendor: dell, model: kace k2000, scope: eq, version: 0

Trust: 0.3

sources: CERT/CC: VU#598700 // BID: 47172 // JVNDB: JVNDB-2011-004478 // JVNDB: JVNDB-2011-001454 // CNNVD: CNNVD-201104-071 // NVD: CVE-2011-1672

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-1672
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#598700
value: 10.80

Trust: 0.8

NVD: CVE-2011-1672
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201104-071
value: MEDIUM

Trust: 0.6

VULHUB: VHN-49617
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-1672
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-49617
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#598700 // VULHUB: VHN-49617 // JVNDB: JVNDB-2011-004478 // CNNVD: CNNVD-201104-071 // NVD: CVE-2011-1672

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-49617 // JVNDB: JVNDB-2011-004478 // NVD: CVE-2011-1672

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201104-071

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201104-071

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-004478

PATCH

title: KACE, url: http://www.kace.com/

Trust: 0.8

title: K2000 peinst file share information, url: http://www.kace.com/support/kb/index.php?action=artikel&cat=1&id=1104

Trust: 0.8

sources: JVNDB: JVNDB-2011-004478 // JVNDB: JVNDB-2011-001454

EXTERNAL IDS

db: CERT/CC, id: VU#598700

Trust: 4.1

db: NVD, id: CVE-2011-1672

Trust: 2.8

db: BID, id: 47172

Trust: 1.4

db: VUPEN, id: ADV-2011-0883

Trust: 1.1

db: JVNDB, id: JVNDB-2011-004478

Trust: 0.8

db: JVNDB, id: JVNDB-2011-001454

Trust: 0.8

db: CNNVD, id: CNNVD-201104-071

Trust: 0.7

db: VULHUB, id: VHN-49617

Trust: 0.1

sources: CERT/CC: VU#598700 // VULHUB: VHN-49617 // BID: 47172 // JVNDB: JVNDB-2011-004478 // JVNDB: JVNDB-2011-001454 // CNNVD: CNNVD-201104-071 // NVD: CVE-2011-1672

REFERENCES

url:http://www.kb.cert.org/vuls/id/598700

Trust: 3.3

url:http://www.kace.com/support/kb/index.php?action=artikel&cat=1&id=1104

Trust: 2.7

url:http://www.securityfocus.com/bid/47172

Trust: 1.1

url:http://www.vupen.com/english/advisories/2011/0883

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/66630

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1672

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1672

Trust: 0.8

url:http://jvn.jp/cert/jvnvu598700

Trust: 0.8

url:http://dell.com

Trust: 0.3

url:http://www.us-cert.gov/

Trust: 0.3

sources: CERT/CC: VU#598700 // VULHUB: VHN-49617 // BID: 47172 // JVNDB: JVNDB-2011-004478 // JVNDB: JVNDB-2011-001454 // CNNVD: CNNVD-201104-071 // NVD: CVE-2011-1672

CREDITS

Cody Green

Trust: 0.3

sources: BID: 47172

SOURCES

db: CERT/CC, id: VU#598700
db: VULHUB, id: VHN-49617
db: BID, id: 47172
db: JVNDB, id: JVNDB-2011-004478
db: JVNDB, id: JVNDB-2011-001454
db: CNNVD, id: CNNVD-201104-071
db: NVD, id: CVE-2011-1672

LAST UPDATE DATE

2025-04-11T22:59:32.049000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#598700, date: 2011-04-05T00:00:00
db: VULHUB, id: VHN-49617, date: 2017-08-17T00:00:00
db: BID, id: 47172, date: 2015-04-13T21:01:00
db: JVNDB, id: JVNDB-2011-004478, date: 2012-03-27T00:00:00
db: JVNDB, id: JVNDB-2011-001454, date: 2011-04-28T00:00:00
db: CNNVD, id: CNNVD-201104-071, date: 2011-04-14T00:00:00
db: NVD, id: CVE-2011-1672, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: CERT/CC, id: VU#598700, date: 2011-04-05T00:00:00
db: VULHUB, id: VHN-49617, date: 2011-04-10T00:00:00
db: BID, id: 47172, date: 2011-04-05T00:00:00
db: JVNDB, id: JVNDB-2011-004478, date: 2012-03-27T00:00:00
db: JVNDB, id: JVNDB-2011-001454, date: 2011-04-28T00:00:00
db: CNNVD, id: CNNVD-201104-071, date: 2011-04-14T00:00:00
db: NVD, id: CVE-2011-1672, date: 2011-04-10T02:55:01.680