Sensitive Information Disclosure in Dell KACE K2000 Systems Deployment Appliance

Sensitive Information Disclosure in Dell KACE K2000 Systems Deployment Appliance

CVE-2011-1672 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The Dell KACE K2000 Systems Deployment Appliance 3.3.36822 and earlier contains a peinst CIFS share, which allows remote attackers to obtain sensitive information by reading the (1) unattend.xml or (2) sysprep.inf file, as demonstrated by reading a password.

Learn more about our Web Application Penetration Testing UK.