search menu icon-carat-right cmu-wordmark

CERT Coordination Center


Dell Kace K2000 Appliance unauthenticated access and information disclosure vulnerability

Vulnerability Note VU#598700

Original Release Date: 2011-04-05 | Last Revised: 2011-04-05

Overview

Dell KACE K2000 Systems Deployment Appliance contains a hidden CIFS share that allows anonymous access.

Description

According to Dell KACE's knowledge base article: "The Dell KACE K2000 Systems Deployment Appliance version 3.3.36822 and earlier uses a read-only CIFS fileshare named "peinst" to facilitate Windows deployments. This hidden, read-only fileshare is populated with pre- and post-installation tasks as well as deployment bootfiles and media used for Windows network operating system installs (called "Scripted Installs") and imaging (called "K-images"). This fileshare is hidden. It provides anonymous read-only access because of limitations with Windows PE 2005 and earlier in accessing a password-protected share as a root drive."

Impact

A remote unauthenticated attacker may be able to retrieve the device's administrator password and device system information.

Solution

Dell KACE has plans to provide authentication for these fileshares in a future release, as earlier versions of Windows PE are phased out of its user base.

Encrypt Account Credentials and Limit Account Access

According to Dell KACE's knowledge base article: Dell KACE has recommended in its training and documentation that:

    • Account credentials used in Windows unattend.xml and sysprep.inf to join computers to a domain be encrypted using Microsofts tools.
    • The rights of accounts used in unattend.xml, sysprep.inf and any post-install script be assigned using the principle of least privilege. For example, accounts used to add a computer to a domain only have that right, restricted by container, and no other.

Vendor Information

598700
Expand all

Dell Computer Corporation, Inc.

Notified:  February 24, 2011 Updated:  March 23, 2011

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

http://www.kace.com/support/kb/index.php?action=artikel&cat=1&id=1104

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Credit

Thanks to Cody Green for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

CVE IDs: None
Severity Metric: 10.80
Date Public: 2011-04-05
Date First Published: 2011-04-05
Date Last Updated: 2011-04-05 17:06 UTC
Document Revision: 8

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.