Executive Summary

Title: Dell Kace K2000 Appliance unauthenticated access and information disclosure vulnerability
Name: VU#598700
First vendor Publication: 2011-04-05
Vendor: VU-CERT
Last vendor Modification: 2011-04-05
Severity (Vendor): N/A
Revision: M

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score: 5
Attack Range: Network
Cvss Impact Score: 2.9
Attack Complexity: Low
Cvss Exploit Score: 10
Authentication: None Required


Vulnerability Note VU#598700

Dell Kace K2000 Appliance unauthenticated access and information disclosure vulnerability


Dell KACE K2000 Systems Deployment Appliance contains a hidden CIFS share that allows anonymous access.

I. Description

According to Dell KACE's knowledge base article: "The Dell KACE K2000 Systems Deployment Appliance version 3.3.36822 and earlier uses a read-only CIFS fileshare named "peinst" to facilitate Windows deployments. This hidden, read-only fileshare is populated with pre- and post-installation tasks as well as deployment bootfiles and media used for Windows network operating system installs (called "Scripted Installs") and imaging (called "K-images"). This fileshare is hidden. It provides anonymous read-only access because of limitations with Windows PE 2005 and earlier in accessing a password-protected share as a root drive."

II. Impact

A remote unauthenticated attacker may be able to retrieve the device's administrator password and device system information.

III. Solution

Dell KACE has plans to provide authentication for these fileshares in a future release, as earlier versions of Windows PE are phased out of its user base.

Encrypt Account Credentials and Limit Account Access

According to Dell KACE's knowledge base article: Dell KACE has recommended in its training and documentation that:

  • Account credentials used in Windows unattend.xml and sysprep.inf to join computers to a domain be encrypted using Microsoft's tools.
  • The rights of accounts used in unattend.xml, sysprep.inf and any post-install script be assigned using the principle of least privilege. For example, accounts used to add a computer to a domain only have that right, restricted by container, and no other.
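
An added example, not taken from the advisory or from Dell KACE: one way to audit answer files for cleartext credentials before they are placed on a deployment share that allows anonymous reads. The element and key names follow the standard unattend.xml and sysprep.inf layouts; the sample files, account name and passwords are constructed.

```python
import configparser
import xml.etree.ElementTree as ET

# Constructed sample answer files; every name and password below is made up.
SAMPLE_UNATTEND = """<unattend xmlns="urn:schemas-microsoft-com:unattend"><settings pass="specialize">
<component name="Microsoft-Windows-UnattendedJoin"><Identification><Credentials><Domain>corp.example</Domain>
<Username>svc-join</Username><Password>Constructed-1</Password></Credentials></Identification></component>
<component name="Microsoft-Windows-Shell-Setup"><UserAccounts><AdministratorPassword><Value>Constructed-2</Value>
<PlainText>true</PlainText></AdministratorPassword></UserAccounts></component></settings></unattend>"""
SAMPLE_SYSPREP = """[GuiUnattended]
AdminPassword="Constructed-3"
EncryptedAdminPassword=No
[Identification]
DomainAdminPassword=Constructed-4
"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace

def audit_unattend(xml_text):
    """Findings for cleartext passwords in an unattend.xml document."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        name = _local(el.tag)
        kids = {_local(c.tag): (c.text or "").strip() for c in el}
        # Account password: <Value> plus <PlainText>; absent PlainText is treated as true (assumption).
        if name.endswith("Password") and kids.get("Value"):
            if kids.get("PlainText", "true").lower() == "true":
                findings.append(f"unattend.xml: {name} is plain text")
        # <Credentials><Password> (for example the domain join) carries the password as a string.
        if name == "Credentials" and kids.get("Password"):
            findings.append(f"unattend.xml: Credentials password for {kids.get('Username', '?')} is plain text")
    return findings

def audit_sysprep(inf_text):
    """Findings for cleartext passwords in a sysprep.inf document."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, allow_no_value=True)
    cp.read_string(inf_text)
    sec = {s.lower(): cp[s] for s in cp.sections()}  # section names are case-insensitive
    val = lambda s, k: (sec.get(s, {}).get(k) or "").strip().strip('"')
    findings = []
    pw = val("guiunattended", "adminpassword")
    if pw and pw != "*" and val("guiunattended", "encryptedadminpassword").lower() != "yes":
        findings.append("sysprep.inf: AdminPassword is plain text")
    if val("identification", "domainadminpassword"):
        findings.append("sysprep.inf: DomainAdminPassword is plain text")
    return findings

if __name__ == "__main__":
    print(*audit_unattend(SAMPLE_UNATTEND), *audit_sysprep(SAMPLE_SYSPREP), sep="\n")
```

A finding on a domain join credential is also the cue to check that the account holds only the join right, restricted by container, as the second recommendation states.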

Vendor Information

Vendor: Dell Computer Corporation, Inc.
Status: Affected
Date Notified: 2011-02-24
Date Updated: 2011-03-23




Thanks to Cody Green for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

Date Public: 2011-04-05
Date First Published: 2011-04-05
Date Last Updated: 2011-04-05
CERT Advisory:
US-CERT Technical Alerts:
Severity Metric: 10.80
Document Revision: 8

Original Source

Url : http://www.kb.cert.org/vuls/id/598700

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-200 Information Exposure

CPE : Common Platform Enumeration

Hardware 1

Open Source Vulnerability Database (OSVDB)

Id Description
71882 Dell KACE K2000 Appliance Hidden CIFS Fileshare Information Disclosure

Nessus® Vulnerability Scanner

Date Description
2011-04-19 Name : The remote deployment appliance has an information disclosure vulnerability.
File : dell_kace_hidden_share.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 12:08:01
  • Multiple Updates