Dell KACE Systems Management Appliance (K1000)

vendor:

by:

Julien Ahrens

7.5

CVSS

HIGH

Unauthenticated Remote Code Execution

CWE

Product Name: Dell KACE Systems Management Appliance (K1000)

Affected Version From: <= 6.4.120756

Affected Version To:

Patch Exists: YES

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2019

Dell KACE Systems Management Appliance (K1000) <= 6.4.120756 Unauthenticated RCE

This exploit allows an attacker to execute arbitrary commands on the target system without authentication. It takes advantage of a vulnerability in Dell KACE Systems Management Appliance (K1000) version 6.4.120756 and earlier.

Mitigation:

Update Dell KACE Systems Management Appliance to a version higher than 6.4.120756.

Source

Dell KACE Systems Management Appliance (K1000) <= 6.4.120756 Unauthenticated RCE

Mitigation:

Exploit-DB raw data: