Details of VAR-201111-0227

ID

VAR-201111-0227

CVE

CVE-2011-4046

TITLE

Dell KACE K2000 Appliance database administration account allows arbitrary command execution

Trust: 0.8

sources: CERT/CC: VU#589089

DESCRIPTION

The Dell KACE K2000 System Deployment Appliance stores the recovery account password in cleartext within a PHP script, which allows context-dependent attackers to obtain sensitive information by examining script source code. Dell Provided by KACE K2000 System Deployment Appliance Contains a vulnerability that allows unauthorized login. Dell Provided by KACE K2000 System Deployment Appliance Has a fixed password administrator account that is invisible to the user, and there is a vulnerability that allows unauthorized login with administrator privileges. This account cannot be removed from the product web management interface.It may be accessed with administrator privileges by a remote third party. Other attacks may also be possible. Malicious actors could exploit these vulnerabilities to bypass certain security restrictions and perform cross-site scripting attacks. ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Dell KACE K2000 System Deployment Appliance Security Bypass and Cross-Site Scripting SECUNIA ADVISORY ID: SA46796 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46796/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46796 RELEASE DATE: 2011-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/46796/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46796/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46796 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue and some vulnerabilities have been reported in Dell KACE K2000 System Deployment Appliance, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks. 2) Certain unspecified input is not properly sanitised before being returned to the user. SOLUTION: Restrict access to trusted hosts only. Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: US-CERT credits Tenable Network Security. ORIGINAL ADVISORY: KACE: http://www.kace.com/support/kb/index.php?action=artikel&id=1120 US-CERT (VU#135606, VU#193529): http://www.kb.cert.org/vuls/id/135606 http://www.kb.cert.org/vuls/id/193529 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 4.95

sources: NVD: CVE-2011-4046 // CERT/CC: VU#589089 // CERT/CC: VU#193529 // CERT/CC: VU#702169 // CERT/CC: VU#135606 // JVNDB: JVNDB-2011-003063 // BID: 50605 // VULHUB: VHN-51991 // PACKETSTORM: 106805

AFFECTED PRODUCTS

vendor:	dell computer	model:	-	scope:	-	version:	-	Trust: 3.2
vendor:	dell	model:	kace k2000 systems deployment appliance	scope:	-	version:	-	Trust: 1.4
vendor:	dell	model:	kace k2000 systems deployment appliance	scope:	eq	version:	*	Trust: 1.0
vendor:	dell	model:	kace k2000	scope:	eq	version:	0	Trust: 0.3

sources: CERT/CC: VU#589089 // CERT/CC: VU#193529 // CERT/CC: VU#702169 // CERT/CC: VU#135606 // BID: 50605 // JVNDB: JVNDB-2011-003063 // CNNVD: CNNVD-201111-209 // NVD: CVE-2011-4046

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-4046
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#589089
value:	6.48
Trust: 0.8
CARNEGIE MELLON:	VU#193529
value:	0.75
Trust: 0.8
CARNEGIE MELLON:	VU#702169
value:	5.40
Trust: 0.8
CARNEGIE MELLON:	VU#135606
value:	33.84
Trust: 0.8
NVD:	CVE-2011-4046
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201111-209
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-51991
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2011-4046
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-51991
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#589089 // CERT/CC: VU#193529 // CERT/CC: VU#702169 // CERT/CC: VU#135606 // VULHUB: VHN-51991 // JVNDB: JVNDB-2011-003063 // CNNVD: CNNVD-201111-209 // NVD: CVE-2011-4046

PROBLEMTYPE DATA

problemtype:

CWE-310

Trust: 1.9

sources: VULHUB: VHN-51991 // JVNDB: JVNDB-2011-003063 // NVD: CVE-2011-4046

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201111-209

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201111-209

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-003063

PATCH

title:

K2000 Appliance Security Recommended Practices

url:

http://www.kace.com/support/kb/index.php?action=artikel&id=1120

Trust: 0.8

sources: JVNDB: JVNDB-2011-003063

EXTERNAL IDS

db:	CERT/CC	id:	VU#135606	Trust: 3.7
db:	NVD	id:	CVE-2011-4046	Trust: 2.8
db:	CERT/CC	id:	VU#193529	Trust: 1.2
db:	CERT/CC	id:	VU#589089	Trust: 1.1
db:	CERT/CC	id:	VU#702169	Trust: 1.1
db:	JVNDB	id:	JVNDB-2011-003063	Trust: 0.8
db:	SECUNIA	id:	46796	Trust: 0.8
db:	CNNVD	id:	CNNVD-201111-209	Trust: 0.7
db:	NSFOCUS	id:	18165	Trust: 0.6
db:	BID	id:	50605	Trust: 0.3
db:	VULHUB	id:	VHN-51991	Trust: 0.1
db:	PACKETSTORM	id:	106805	Trust: 0.1

sources: CERT/CC: VU#589089 // CERT/CC: VU#193529 // CERT/CC: VU#702169 // CERT/CC: VU#135606 // VULHUB: VHN-51991 // BID: 50605 // JVNDB: JVNDB-2011-003063 // PACKETSTORM: 106805 // CNNVD: CNNVD-201111-209 // NVD: CVE-2011-4046

REFERENCES

url:	http://www.kace.com/support/kb/index.php?action=artikel&id=1120&artlang=en	Trust: 4.8
url:	about vulnerability notes	Trust: 3.2
url:	contact us about this vulnerability	Trust: 3.2
url:	provide a vendor statement	Trust: 3.2
url:	http://www.kb.cert.org/vuls/id/135606	Trust: 2.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4046	Trust: 0.8
url:	https://jvn.jp/cert/jvnvu135606/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4046	Trust: 0.8
url:	http://secunia.com/advisories/46796	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/18165	Trust: 0.6
url:	http://www.kb.cert.org/vuls/id/193529	Trust: 0.4
url:	http://dell.com	Trust: 0.3
url:	http://www.kb.cert.org/vuls/id/589089	Trust: 0.3
url:	http://www.kb.cert.org/vuls/id/702169	Trust: 0.3
url:	http://www.kace.com/support/kb/index.php?action=artikel&id=1120&artlang=en	Trust: 0.1
url:	http://secunia.com/advisories/46796/#comments	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=46796	Trust: 0.1
url:	http://secunia.com/vulnerability_intelligence/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/46796/	Trust: 0.1
url:	http://www.kace.com/support/kb/index.php?action=artikel&id=1120	Trust: 0.1
url:	http://secunia.com/products/corporate/vim/ovum_2011_request/	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

CREDITS

Tenable Network Security

Trust: 0.3

sources: BID: 50605

SOURCES

db:	CERT/CC	id:	VU#589089
db:	CERT/CC	id:	VU#193529
db:	CERT/CC	id:	VU#702169
db:	CERT/CC	id:	VU#135606
db:	VULHUB	id:	VHN-51991
db:	BID	id:	50605
db:	JVNDB	id:	JVNDB-2011-003063
db:	PACKETSTORM	id:	106805
db:	CNNVD	id:	CNNVD-201111-209
db:	NVD	id:	CVE-2011-4046

LAST UPDATE DATE

2025-04-11T23:08:52.972000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#589089	date:	2011-11-08T00:00:00
db:	CERT/CC	id:	VU#193529	date:	2011-11-08T00:00:00
db:	CERT/CC	id:	VU#702169	date:	2015-09-30T00:00:00
db:	CERT/CC	id:	VU#135606	date:	2015-09-30T00:00:00
db:	VULHUB	id:	VHN-51991	date:	2011-11-15T00:00:00
db:	BID	id:	50605	date:	2011-11-08T00:00:00
db:	JVNDB	id:	JVNDB-2011-003063	date:	2011-11-28T00:00:00
db:	CNNVD	id:	CNNVD-201111-209	date:	2011-11-14T00:00:00
db:	NVD	id:	CVE-2011-4046	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#589089	date:	2011-11-08T00:00:00
db:	CERT/CC	id:	VU#193529	date:	2011-11-08T00:00:00
db:	CERT/CC	id:	VU#702169	date:	2011-11-08T00:00:00
db:	CERT/CC	id:	VU#135606	date:	2011-11-08T00:00:00
db:	VULHUB	id:	VHN-51991	date:	2011-11-12T00:00:00
db:	BID	id:	50605	date:	2011-11-08T00:00:00
db:	JVNDB	id:	JVNDB-2011-003063	date:	2011-11-28T00:00:00
db:	PACKETSTORM	id:	106805	date:	2011-11-09T06:29:15
db:	CNNVD	id:	CNNVD-201111-209	date:	2011-11-11T00:00:00
db:	NVD	id:	CVE-2011-4046	date:	2011-11-12T00:55:01.067