search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Dell Kace K2000 Appliance unauthenticated access and information disclosure vulnerability

Vulnerability Note VU#598700

Original Release Date: 2011-04-05 | Last Revised: 2011-04-05


Dell KACE K2000 Systems Deployment Appliance contains a hidden CIFS share that allows anonymous access.


According to Dell KACE's knowledge base article: "The Dell KACE K2000 Systems Deployment Appliance version 3.3.36822 and earlier uses a read-only CIFS fileshare named "peinst" to facilitate Windows deployments. This hidden, read-only fileshare is populated with pre- and post-installation tasks as well as deployment bootfiles and media used for Windows network operating system installs (called "Scripted Installs") and imaging (called "K-images"). This fileshare is hidden. It provides anonymous read-only access because of limitations with Windows PE 2005 and earlier in accessing a password-protected share as a root drive."


A remote unauthenticated attacker may be able to retrieve the device's administrator password and device system information.


Dell KACE has plans to provide authentication for these fileshares in a future release, as earlier versions of Windows PE are phased out of its user base.

Encrypt Account Credentials and Limit Account Access

According to Dell KACE's knowledge base article: Dell KACE has recommended in its training and documentation that:

    • Account credentials used in Windows unattend.xml and sysprep.inf to join computers to a domain be encrypted using Microsofts tools.
    • The rights of accounts used in unattend.xml, sysprep.inf and any post-install script be assigned using the principle of least privilege. For example, accounts used to add a computer to a domain only have that right, restricted by container, and no other.

Vendor Information


Dell Computer Corporation, Inc. Affected

Notified:  February 24, 2011 Updated: March 23, 2011



Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

CVSS Metrics

Group Score Vector



Thanks to Cody Green for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

CVE IDs: None
Severity Metric: 10.80
Date Public: 2011-04-05
Date First Published: 2011-04-05
Date Last Updated: 2011-04-05 17:06 UTC
Document Revision: 9

Sponsored by CISA.