Dell KACE K2000 Appliance Hidden CIFS Fileshare Information Disclosure
Medium Nessus Plugin ID 53493
Synopsis
The remote deployment appliance has an information disclosure vulnerability.

Description
The remote Dell KACE K2000 appliance has an information disclosure vulnerability. A hidden, read-only share named 'peinst' is used to facilitate Windows deployments. This share is populated with pre- and post-installation tasks, as well as deployment bootfiles and media used for Windows network installs. This share allows anonymous access.
A remote, unauthenticated attacker could connect to this share, allowing them to access sensitive data used during deployments (e.g. local and/or domain administrator credentials).

Solution
Upgrade to K2000 3.4 or later.